<!DOCTYPE html>
<html lang="en-US" prefix="og: https://ogp.me/ns#" >
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width">
<!-- WP_HEAD() START -->
<meta name="viewport" content="width=device-width, initial-scale=1" />

<!-- Search Engine Optimization by Rank Math - https://s.rankmath.com/home -->
<title>Shadows From the Past Threaten Italian Enterprises - Yoroi</title>
<meta name="robots" content="follow, index, max-snippet:-1, max-video-preview:-1, max-image-preview:large"/>
<link rel="canonical" href="https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/" />
<meta property="og:locale" content="en_US" />
<meta property="og:type" content="article" />
<meta property="og:title" content="Shadows From the Past Threaten Italian Enterprises - Yoroi" />
<meta property="og:description" content="Introduction The modern cyber threat landscape hides nasty surprises for companies, especially for the most structured and complex companies. Many times, threat actors develop very dangerous and effective techniques using tools and technologies in a smart, unattended way.&nbsp; This is the case of a particular cyber criminal group operating cyber intrusion against one of the [&hellip;]" />
<meta property="og:url" content="https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/" />
<meta property="og:site_name" content="Yoroi" />
<meta property="article:publisher" content="https://www.facebook.com/weareyoroi" />
<meta property="article:tag" content="apt" />
<meta property="article:tag" content="cybercrime" />
<meta property="article:tag" content="italy" />
<meta property="article:tag" content="malware" />
<meta property="article:tag" content="threat" />
<meta property="article:section" content="research" />
<meta property="og:updated_time" content="2020-11-27T18:54:26+02:00" />
<meta property="og:image" content="https://i0.wp.com/yoroi.company/wp-content/uploads/2020/11/2.jpg" />
<meta property="og:image:secure_url" content="https://i0.wp.com/yoroi.company/wp-content/uploads/2020/11/2.jpg" />
<meta property="og:image:width" content="1024" />
<meta property="og:image:height" content="618" />
<meta property="og:image:alt" content="Shadows From the Past Threaten Italian Enterprises" />
<meta property="og:image:type" content="image/jpeg" />
<meta name="twitter:card" content="summary_large_image" />
<meta name="twitter:title" content="Shadows From the Past Threaten Italian Enterprises - Yoroi" />
<meta name="twitter:description" content="Introduction The modern cyber threat landscape hides nasty surprises for companies, especially for the most structured and complex companies. Many times, threat actors develop very dangerous and effective techniques using tools and technologies in a smart, unattended way.&nbsp; This is the case of a particular cyber criminal group operating cyber intrusion against one of the [&hellip;]" />
<meta name="twitter:image" content="https://i0.wp.com/yoroi.company/wp-content/uploads/2020/11/2.jpg" />
<meta name="twitter:label1" content="Written by" />
<meta name="twitter:data1" content="malwarezlab" />
<meta name="twitter:label2" content="Time to read" />
<meta name="twitter:data2" content="23 minutes" />
<script type="application/ld+json" class="rank-math-schema">{"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://yoroi.company/#organization","name":"Yoroi","url":"https://yoroi.company","logo":{"@type":"ImageObject","@id":"https://yoroi.company/#logo","url":"https://yoroi.company/wp-content/uploads/2021/07/Mezzo-busto-1.png","caption":"Yoroi","inLanguage":"en-US","width":"240","height":"240"}},{"@type":"WebSite","@id":"https://yoroi.company/#website","url":"https://yoroi.company","name":"Yoroi","publisher":{"@id":"https://yoroi.company/#organization"},"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https://i0.wp.com/yoroi.company/wp-content/uploads/2020/11/2.jpg?fit=2159%2C1303&amp;ssl=1","url":"https://i0.wp.com/yoroi.company/wp-content/uploads/2020/11/2.jpg?fit=2159%2C1303&amp;ssl=1","width":"2159","height":"1303","inLanguage":"en-US"},{"@type":"Person","@id":"https://yoroi.company/author/malwarezlab/","name":"malwarezlab","url":"https://yoroi.company/author/malwarezlab/","image":{"@type":"ImageObject","@id":"https://secure.gravatar.com/avatar/de2eca8af7bbfde2ee4a84d59a3aa23f?s=96&amp;d=mm&amp;r=g","url":"https://secure.gravatar.com/avatar/de2eca8af7bbfde2ee4a84d59a3aa23f?s=96&amp;d=mm&amp;r=g","caption":"malwarezlab","inLanguage":"en-US"},"worksFor":{"@id":"https://yoroi.company/#organization"}},{"@type":"WebPage","@id":"https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/#webpage","url":"https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/","name":"Shadows From the Past Threaten Italian Enterprises - Yoroi","datePublished":"2020-11-30T09:02:00+02:00","dateModified":"2020-11-30T09:02:00+02:00","author":{"@id":"https://yoroi.company/author/malwarezlab/"},"isPartOf":{"@id":"https://yoroi.company/#website"},"primaryImageOfPage":{"@id":"https://i0.wp.com/yoroi.company/wp-content/uploads/2020/11/2.jpg?fit=2159%2C1303&amp;ssl=1"},"inLanguage":"en-US"},{"@type":"BlogPosting","headline":"Shadows From the Past Threaten Italian Enterprises - Yoroi","datePublished":"2020-11-30T09:02:00+02:00","dateModified":"2020-11-30T09:02:00+02:00","author":{"@id":"https://yoroi.company/author/malwarezlab/"},"publisher":{"@id":"https://yoroi.company/#organization"},"description":"The modern cyber threat landscape hides nasty surprises for companies, especially for the most structured and complex companies. Many times, threat actors develop very dangerous and effective techniques using tools and technologies in a smart, unattended way.&nbsp; This is the case of a particular cyber criminal group operating cyber intrusion against one of the most targeted and cyber-mature industry sectors: the Banking sector.","name":"Shadows From the Past Threaten Italian Enterprises - Yoroi","@id":"https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/#richSnippet","isPartOf":{"@id":"https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/#webpage"},"image":{"@id":"https://i0.wp.com/yoroi.company/wp-content/uploads/2020/11/2.jpg?fit=2159%2C1303&amp;ssl=1"},"inLanguage":"en-US","mainEntityOfPage":{"@id":"https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/#webpage"}}]}</script>
<!-- /Rank Math WordPress SEO plugin -->

<title>Shadows From the Past Threaten Italian Enterprises - Yoroi</title>
<link rel='dns-prefetch' href='//www.google.com' />
<link rel='dns-prefetch' href='//s.w.org' />
<link rel='dns-prefetch' href='//c0.wp.com' />
<link rel='dns-prefetch' href='//i0.wp.com' />
<link rel="alternate" type="application/rss+xml" title="Yoroi &raquo; Shadows From the Past Threaten Italian Enterprises Comments Feed" href="https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/feed/" />
<link rel='stylesheet' id='dashicons-css'  href='https://c0.wp.com/c/5.8.2/wp-includes/css/dashicons.min.css' type='text/css' media='all' />
<link rel='stylesheet' id='elusive-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/elusive.min.css?ver=2.0' type='text/css' media='all' />
<link rel='stylesheet' id='font-awesome-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/font-awesome.min.css?ver=4.6.3' type='text/css' media='all' />
<link rel='stylesheet' id='foundation-icons-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/foundation-icons.min.css?ver=3.0' type='text/css' media='all' />
<link rel='stylesheet' id='genericons-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/genericons.min.css?ver=3.4' type='text/css' media='all' />
<link rel='stylesheet' id='slick-menu-icons-extra-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/css/extra.min.css?ver=0.10.1' type='text/css' media='all' />
<link rel='stylesheet' id='wp-block-library-css'  href='https://c0.wp.com/c/5.8.2/wp-includes/css/dist/block-library/style.min.css' type='text/css' media='all' />
<style id='wp-block-library-inline-css' type='text/css'>
.has-text-align-justify{text-align:justify;}
</style>
<link rel='stylesheet' id='mediaelement-css'  href='https://c0.wp.com/c/5.8.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css' type='text/css' media='all' />
<link rel='stylesheet' id='wp-mediaelement-css'  href='https://c0.wp.com/c/5.8.2/wp-includes/js/mediaelement/wp-mediaelement.min.css' type='text/css' media='all' />
<link rel='stylesheet' id='contact-form-7-css'  href='https://yoroi.company/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.2' type='text/css' media='all' />
<link rel='stylesheet' id='cookie-law-info-css'  href='https://yoroi.company/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.6' type='text/css' media='all' />
<link rel='stylesheet' id='cookie-law-info-gdpr-css'  href='https://yoroi.company/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.6' type='text/css' media='all' />
<link rel='stylesheet' id='mailup-css'  href='https://yoroi.company/wp-content/plugins/mailup-email-and-newsletter-subscription-form/public/css/mailup-public.css?ver=1.2.0' type='text/css' media='all' />
<link rel='stylesheet' id='oxygen-aos-css'  href='https://yoroi.company/wp-content/plugins/oxygen/component-framework/vendor/aos/aos.css?ver=5.8.2' type='text/css' media='all' />
<link rel='stylesheet' id='oxygen-css'  href='https://yoroi.company/wp-content/plugins/oxygen/component-framework/oxygen.css?ver=3.7.1' type='text/css' media='all' />
<link rel='stylesheet' id='contact-form-7-email-spam-blocker-css'  href='https://yoroi.company/wp-content/plugins/wp-contact-form7-email-spam-blocker/public/css/contact-form-7-email-spam-blocker-public.css?ver=1.0.0' type='text/css' media='all' />
<link rel='stylesheet' id='slick-menu-animate-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/animate/animate.css?ver=1.2.7' type='text/css' media='all' />
<link rel='stylesheet' id='slick-menu-slickmenu-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/assets/css/slickmenu.min.css?ver=1.2.7' type='text/css' media='all' />
<link rel='stylesheet' id='twentytwenty-jetpack-css'  href='https://yoroi.company/wp-content/plugins/jetpack/modules/theme-tools/compat/twentytwenty.css?ver=10.5-a.3' type='text/css' media='all' />
<link rel='stylesheet' id='slick-menu-dynamic-css'  href='https://yoroi.company/?sm_ajax=dynamic_styles&#038;t=1640290164&#038;ver=1.2.7' type='text/css' media='all' />
<link rel='stylesheet' id='jetpack_css-css'  href='https://yoroi.company/wp-content/plugins/jetpack/css/jetpack.css?ver=10.5-a.3' type='text/css' media='all' />
<script type='text/javascript' src='https://c0.wp.com/c/5.8.2/wp-includes/js/jquery/jquery.min.js' id='jquery-core-js'></script>
<script type='text/javascript' id='cookie-law-info-js-extra'>
/* <![CDATA[ */
var Cli_Data = {"nn_cookie_ids":["cookielawinfo-checkbox-advertisement","_GRECAPTCHA","YSC","VISITOR_INFO1_LIVE","yt-remote-device-id","yt-remote-connected-devices","yt.innertube::requests","yt.innertube::nextId","_ga","_gid","_gat_gtag_UA_209986505_1","CONSENT"],"cookielist":[],"non_necessary_cookies":{"analytics":["_ga","_gid","_gat_gtag_UA_209986505_1","CONSENT"],"advertisement":["YSC","VISITOR_INFO1_LIVE","yt-remote-device-id","yt-remote-connected-devices","yt.innertube::requests","yt.innertube::nextId"]},"ccpaEnabled":"","ccpaRegionBased":"","ccpaBarEnabled":"","strictlyEnabled":["necessary","obligatoire"],"ccpaType":"gdpr","js_blocking":"1","custom_integration":"","triggerDomRefresh":"","secure_cookies":""};
var cli_cookiebar_settings = {"animate_speed_hide":"500","animate_speed_show":"500","background":"#FFF","border":"#b1a6a6c2","border_on":"","button_1_button_colour":"#61a229","button_1_button_hover":"#4e8221","button_1_link_colour":"#fff","button_1_as_button":"1","button_1_new_win":"","button_2_button_colour":"#333","button_2_button_hover":"#292929","button_2_link_colour":"#444","button_2_as_button":"","button_2_hidebar":"","button_3_button_colour":"#dedfe0","button_3_button_hover":"#b2b2b3","button_3_link_colour":"#333333","button_3_as_button":"1","button_3_new_win":"","button_4_button_colour":"#dedfe0","button_4_button_hover":"#b2b2b3","button_4_link_colour":"#333333","button_4_as_button":"1","button_7_button_colour":"#61a229","button_7_button_hover":"#4e8221","button_7_link_colour":"#fff","button_7_as_button":"1","button_7_new_win":"","font_family":"inherit","header_fix":"","notify_animate_hide":"1","notify_animate_show":"","notify_div_id":"#cookie-law-info-bar","notify_position_horizontal":"right","notify_position_vertical":"bottom","scroll_close":"","scroll_close_reload":"","accept_close_reload":"","reject_close_reload":"","showagain_tab":"","showagain_background":"#fff","showagain_border":"#000","showagain_div_id":"#cookie-law-info-again","showagain_x_position":"100px","text":"#333333","show_once_yn":"","show_once":"10000","logging_on":"","as_popup":"","popup_overlay":"1","bar_heading_text":"","cookie_bar_as":"banner","popup_showagain_position":"bottom-right","widget_position":"left"};
var log_object = {"ajax_url":"https:\/\/yoroi.company\/wp-admin\/admin-ajax.php"};
/* ]]> */
</script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.6' id='cookie-law-info-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/mailup-email-and-newsletter-subscription-form/admin/js/jquery.validate.min.js?ver=1.19.3' id='mailup_validate-js'></script>
<script type='text/javascript' id='mailup-js-extra'>
/* <![CDATA[ */
var mailup_params = {"ajax_url":"https:\/\/yoroi.company\/wp-admin\/admin-ajax.php","ajaxNonce":"b3421b6d5a"};
/* ]]> */
</script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/mailup-email-and-newsletter-subscription-form/public/js/mailup-public.js?ver=1.2.0' id='mailup-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/oxygen/component-framework/vendor/aos/aos.js?ver=1' id='oxygen-aos-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/wp-contact-form7-email-spam-blocker/public/js/contact-form-7-email-spam-blocker-public.js?ver=1.0.0' id='contact-form-7-email-spam-blocker-js'></script>
<link rel="https://api.w.org/" href="https://yoroi.company/wp-json/" /><link rel="alternate" type="application/json" href="https://yoroi.company/wp-json/wp/v2/posts/4825" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://yoroi.company/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://yoroi.company/wp-includes/wlwmanifest.xml" /> 

<link rel='shortlink' href='https://yoroi.company/?p=4825' />
<link rel="alternate" type="application/json+oembed" href="https://yoroi.company/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fyoroi.company%2Fresearch%2Fshadows-from-the-past-threaten-italian-enterprises%2F" />
<link rel="alternate" type="text/xml+oembed" href="https://yoroi.company/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fyoroi.company%2Fresearch%2Fshadows-from-the-past-threaten-italian-enterprises%2F&#038;format=xml" />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script type="text/plain" data-cli-class="cli-blocker-script"  data-cli-script-type="analytics" data-cli-block="true"  data-cli-element-position="head" async src="https://www.googletagmanager.com/gtag/js?id=UA-209986505-1"></script>
<script type="text/plain" data-cli-class="cli-blocker-script"  data-cli-script-type="analytics" data-cli-block="true"  data-cli-element-position="head">
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'UA-209986505-1');
  gtag('config', 'GA_TRACKING_ID', { 'anonymize_ip': true });
</script><meta name="theme-color" content="#a52929"><style type='text/css'>img#wpstats{display:none}</style>
				<style type="text/css">
			.recentcomments a {
				display: inline !important;
				padding: 0 !important;
				margin: 0 !important;
			}

			table.recentcommentsavatartop img.avatar, table.recentcommentsavatarend img.avatar {
				border: 0px;
				margin: 0;
			}

			table.recentcommentsavatartop a, table.recentcommentsavatarend a {
				border: 0px !important;
				background-color: transparent !important;
			}

			td.recentcommentsavatarend, td.recentcommentsavatartop {
				padding: 0px 0px 1px 0px;
				margin: 0px;
			}

			td.recentcommentstextend {
				border: none !important;
				padding: 0px 0px 2px 10px;
			}

			.rtl td.recentcommentstextend {
				padding: 0px 10px 2px 0px;
			}

			td.recentcommentstexttop {
				border: none;
				padding: 0px 0px 0px 10px;
			}

			.rtl td.recentcommentstexttop {
				padding: 0px 10px 0px 0px;
			}
		</style>
		<link rel="amphtml" href="https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/amp/">			<style type="text/css">
				/* If html does not have either class, do not show lazy loaded images. */
				html:not( .jetpack-lazy-images-js-enabled ):not( .js ) .jetpack-lazy-image {
					display: none;
				}
			</style>
			<script>
				document.documentElement.classList.add(
					'jetpack-lazy-images-js-enabled'
				);
			</script>
		<link rel="icon" href="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/07/cropped-Mezzo-busto-1.png?fit=32%2C32&#038;ssl=1" sizes="32x32" />
<link rel="icon" href="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/07/cropped-Mezzo-busto-1.png?fit=192%2C192&#038;ssl=1" sizes="192x192" />
<link rel="apple-touch-icon" href="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/07/cropped-Mezzo-busto-1.png?fit=180%2C180&#038;ssl=1" />
<meta name="msapplication-TileImage" content="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/07/cropped-Mezzo-busto-1.png?fit=270%2C270&#038;ssl=1" />
<link href="https://fonts.googleapis.com/css?family=Work+Sans:100,200,300,400,500,600,700,800,900|Work+Sans:100,200,300,400,500,600,700,800,900" rel="stylesheet"><link rel='stylesheet' id='oxygen-styles-css'  href='//yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/?xlink=css&#038;ver=5.8.2' type='text/css' media='all' />
<!-- END OF WP_HEAD() -->
</head>
<body class="post-template-default single single-post postid-4825 single-format-standard  wp-embed-responsive oxygen-body" >



						<header id="_header-104-8" class="oxy-header-wrapper oxy-overlay-header oxy-header" ><div id="_header_row-105-8" class="oxy-header-row header" ><div class="oxy-header-container"><div id="_header_left-106-8" class="oxy-header-left" ></div><div id="_header_center-107-8" class="oxy-header-center" ><nav id="_nav_menu-110-8" class="oxy-nav-menu oxy-nav-menu-dropdowns oxy-nav-menu-dropdown-arrow" ><div class='oxy-menu-toggle'><div class='oxy-nav-menu-hamburger-wrap'><div class='oxy-nav-menu-hamburger'><div class='oxy-nav-menu-hamburger-line'></div><div class='oxy-nav-menu-hamburger-line'></div><div class='oxy-nav-menu-hamburger-line'></div></div></div></div><div class="menu-menu-eng-container"><ul id="menu-menu-eng" class="oxy-nav-menu-list"><li id="menu-item-62" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-62"><a href="https://yoroi.company/defence-center/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Defence center</span>
					
				</span>
				
			</span>
			</a></li>
<li id="menu-item-354" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-354"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Solutions</span>
					
				</span>
				
			</span>
			</a>
<ul class="sub-menu">
	<li id="menu-item-355" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-355"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Before Attack</span>
					
				</span>
				
			</span>
			</a>
	<ul class="sub-menu">
		<li id="menu-item-358" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-358"><a href="https://yoroi.company/category/technologies/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Technologies</span>
					
				</span>
				
			</span>
			</a>
		<ul class="sub-menu">
			<li id="menu-item-364" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-364"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-365" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-365"><a href="https://yoroi.company/service/dns-defence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">DNS Defence</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-366" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-366"><a href="https://yoroi.company/service/kanwa/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Kanwa</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-367" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-367"><a href="https://yoroi.company/service/genku/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Genku</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-368" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-368"><a href="https://yoroi.company/service/digital-surveillance/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Digital Surveillance</span>
					
				</span>
				
			</span>
			</a></li>
		</ul>
</li>
		<li id="menu-item-359" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-359"><a href="https://yoroi.company/category/services/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Services</span>
					
				</span>
				
			</span>
			</a>
		<ul class="sub-menu">
			<li id="menu-item-369" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-369"><a href="https://yoroi.company/service/security-compliance/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Infrastructure &#038; Systems compliance</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-370" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-370"><a href="https://yoroi.company/service/scam-protection/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Scam Protection</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-371" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-371"><a href="https://yoroi.company/service/scada-security/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">SCADA Security</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-372" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-372"><a href="https://yoroi.company/service/early-warning/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Early Warning</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-373" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-373"><a href="https://yoroi.company/service/wi-fi-infrastructure-assessment/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Wi-Fi Infrastructure Assessment</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-380" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-380"><a href="https://yoroi.company/service/vulnerability-assessment/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Vulnerability Assessment</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-374" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-374"><a href="https://yoroi.company/service/targeted-attack-simulation/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Adversarial Simulation</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-379" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-379"><a href="https://yoroi.company/service/cert-computer-emergency-response-team/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat Hunting</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-378" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-378"><a href="https://yoroi.company/service/siem-management/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">SIEM management</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-377" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-377"><a href="https://yoroi.company/service/security-infrastructure-assessment-sia/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Security Infrastructure Assessment (SIA)</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-376" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-376"><a href="https://yoroi.company/service/penetration-testing/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Penetration Testing</span>
					
				</span>
				
			</span>
			</a></li>
		</ul>
</li>
	</ul>
</li>
	<li id="menu-item-356" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-356"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">During Attack</span>
					
				</span>
				
			</span>
			</a>
	<ul class="sub-menu">
		<li id="menu-item-360" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-360"><a href="https://yoroi.company/category/technologies/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Technologies</span>
					
				</span>
				
			</span>
			</a>
		<ul class="sub-menu">
			<li id="menu-item-381" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-381"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-383" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-383"><a href="https://yoroi.company/service/kanwa/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Kanwa</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-384" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-384"><a href="https://yoroi.company/service/yomi/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Yomi</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-382" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-382"><a href="https://yoroi.company/service/email-protection/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Email Protection</span>
					
				</span>
				
			</span>
			</a></li>
		</ul>
</li>
		<li id="menu-item-361" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-361"><a href="https://yoroi.company/category/services/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Services</span>
					
				</span>
				
			</span>
			</a>
		<ul class="sub-menu">
			<li id="menu-item-386" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-386"><a href="https://yoroi.company/service/irt/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">IRT (Incident Response Team)</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-385" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-385"><a href="https://yoroi.company/category/threat/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Managed Advanced Threat Protection</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-375" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-375"><a href="https://yoroi.company/service/kickback-attack/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">KickBack Attack</span>
					
				</span>
				
			</span>
			</a></li>
		</ul>
</li>
	</ul>
</li>
	<li id="menu-item-357" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-357"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">After Attack</span>
					
				</span>
				
			</span>
			</a>
	<ul class="sub-menu">
		<li id="menu-item-363" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-363"><a href="https://yoroi.company/category/technologies/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Technologies</span>
					
				</span>
				
			</span>
			</a>
		<ul class="sub-menu">
			<li id="menu-item-388" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-388"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-389" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-389"><a href="https://yoroi.company/service/kanwa/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Kanwa</span>
					
				</span>
				
			</span>
			</a></li>
		</ul>
</li>
		<li id="menu-item-362" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-362"><a href="https://yoroi.company/category/services/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Services</span>
					
				</span>
				
			</span>
			</a>
		<ul class="sub-menu">
			<li id="menu-item-387" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-387"><a href="https://yoroi.company/service/wi-fi-infrastructure-assessment/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Wi-Fi Infrastructure Assessment</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-390" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-390"><a href="https://yoroi.company/service/cert-computer-emergency-response-team/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat Hunting</span>
					
				</span>
				
			</span>
			</a></li>
		</ul>
</li>
	</ul>
</li>
</ul>
</li>
<li id="menu-item-5336" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-5336"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Blogs</span>
					
				</span>
				
			</span>
			</a>
<ul class="sub-menu">
	<li id="menu-item-199" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-199"><a href="https://yoroi.company/blog/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Yoroi Blog</span>
					
				</span>
				
			</span>
			</a></li>
	<li id="menu-item-5337" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-5337"><a href="https://marcoramilli.com/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Marco Ramilli Blog</span>
					
				</span>
				
			</span>
			</a></li>
</ul>
</li>
<li id="menu-item-60" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-home menu-item-60"><a href="https://yoroi.company/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Home</span>
					
				</span>
				
			</span>
			</a></li>
<li id="menu-item-311" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-311"><a href="https://yoroi.company/downloads/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Downloads</span>
					
				</span>
				
			</span>
			</a></li>
<li id="menu-item-61" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-61"><a href="https://yoroi.company/about-us/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">About us</span>
					
				</span>
				
			</span>
			</a></li>
<li id="menu-item-200" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-200"><a href="https://yoroi.company/contacts/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Contacts</span>
					
				</span>
				
			</span>
			</a></li>
</ul></div></nav></div><div id="_header_right-108-8" class="oxy-header-right" ></div></div></div><div id="_header_row-111-8" class="oxy-header-row header" ><div class="oxy-header-container"><div id="_header_left-112-8" class="oxy-header-left" ><a id="link-120-8" class="ct-link" href="https://yoroi.company/" target="_self"  ><img id="image-115-8" alt="Logo" src="https://yoroi.company/wp-content/uploads/2020/01/logo-head.svg" class="ct-image"/></a></div><div id="_header_center-113-8" class="oxy-header-center" ></div><div id="_header_right-114-8" class="oxy-header-right" ><div id="div_block-184-8" class="ct-div-block" ><img id="image-118-8" alt="Hamburger Menu Icon" src="https://yoroi.company/wp-content/uploads/2020/01/hamburger.svg" class="ct-image sm-trigger-26"/></div></div></div></div></header>
		<main id="swup" class="ct-div-block " ><div id="div_block-1-4186" class="ct-div-block bg-dark" ><img id="image-2-4186" alt="Yoroi Background" src="https://yoroi.company/wp-content/uploads/2020/01/Risorsa-36-8.png" class="ct-image bg-heading"/><section id="section-3-4186" class=" ct-section section intro" ><div class="ct-section-inner-wrap"><h1 id="headline-4-4186" class="ct-headline intro__heading"><span id="span-5-4186" class="ct-span" >Shadows From the Past Threaten Italian Enterprises</span></h1><div id="code_block-28-4186" class="ct-code-block" ><h6 class="blog-post-date">
	11/30/2020</h6></div><div id="text_block-14-4186" class="ct-text-block blog-post" ><span id="span-15-4186" class="ct-span oxy-stock-content-styles blog-post" >
<h1>Introduction</h1>



<p>The modern cyber threat landscape hides nasty surprises for companies, especially for the most structured and complex companies. Many times, threat actors develop very dangerous and effective techniques using tools and technologies in a smart, unattended way.&nbsp; This is the case of a particular cyber criminal group operating cyber intrusion against one of the most targeted and cyber-mature industry sectors: the Banking sector.</p>



<p>During the last years our defense and intelligence operations spotted and tracked some of the operations of a particular Threat Group targeting financial institutions worldwide, in Europe and especially in Italy, at least since 2015.&nbsp; This particular cyber criminal group has been recently publicly disclosed with the name <a href="https://www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html" target="_blank" rel="noopener">UNC1945</a> by Mandiant (TH-239 in our internal KB), presenting the findings of a particular investigation they recently took part and referencing an intrusion potentially dated back to 2018.</p>



<p>After the publication of the Mandiant report, we decided to reach out and de-classify some technical details about this mysterious group that is threatening some of the largest Italian - and European - companies.&nbsp;</p>



<p>In particular, we’ll describe how the group approached the difficult task of bringing a modern cyber arsenal to multi-decade old legacy systems.&nbsp;</p>



<h2>The Challenge of Attribution&nbsp;</h2>



<p>The attribution of this group to known threat actors is still smoky and far for certainty. In fact, even if CERT-Yoroi reserved intelligence information points to old intrusions attributed to Carbanak/Anunak romainan cells dated back 2015-2016, there is still no hard evidence linking to this particular group.&nbsp;</p>



<p>Anyway, despite the unclear purposes of their recent intrusion reported by Mandiant one thing is pretty clear: the group is capable of running long lasting operations.&nbsp;</p>



<p>Operations running for years are not typical of the targeted ransomware operators afflicting thousands of companies nowadays. Most of those intrusions last weeks or at least months for a simple reason: persistence is really risky for the intruders, too much might cost them the whole profit opportunity.&nbsp;</p>



<p>In our experience, the actor behind TH-239 was historically financially motivated and well prepared in conducting intrusions in Enterprise grade - some time legacy - environments such as old Red Hat, Solaris OS and other Linux systems as well. A different skill set rather than most of the ransomware operators which are extremely good on Microsoft Windows environments. These much more rare abilities are typical of sophisticated groups such as those targeting high complex organizations such as Financial and Banking institutions, extremely characterized by legacy technologies, and almost unknown to most cyber criminals.&nbsp;</p>



<h1>Technical Analysis</h1>



<p>In this analysis, we want to deepen one of the post exploitation TTP used by the UNC1945 group to solve the huge problem of running modern attack tools on legacy systems.&nbsp; Do to so, the group in fact is using a custom QEMU linux virtual machine instance containing all the necessary tools adopted to achieve its objective.&nbsp;</p>



<p>This way all the operating system&nbsp; and dependencies issues become almost frictionless. In particular their portable virtual arsenal is based on QEMU images and looks like this:</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh5.googleusercontent.com/dkfjyYf8AM0jZqfICbrNBRD47JQGA-sWpxqnohs0LWjA8Q1VszybH0ZyEOPQRxDfsUsTKEqUWwuRFWCmqme9Z35y0fNgnh1G_AWWvf0b_cIu6-BIXiParlknjQqSZFauTFUlgy8" alt data-lazy-src="https://lh5.googleusercontent.com/dkfjyYf8AM0jZqfICbrNBRD47JQGA-sWpxqnohs0LWjA8Q1VszybH0ZyEOPQRxDfsUsTKEqUWwuRFWCmqme9Z35y0fNgnh1G_AWWvf0b_cIu6-BIXiParlknjQqSZFauTFUlgy8?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh5.googleusercontent.com/dkfjyYf8AM0jZqfICbrNBRD47JQGA-sWpxqnohs0LWjA8Q1VszybH0ZyEOPQRxDfsUsTKEqUWwuRFWCmqme9Z35y0fNgnh1G_AWWvf0b_cIu6-BIXiParlknjQqSZFauTFUlgy8" alt=""/></noscript></figure></div>



<p class="has-text-align-center">Figure. Virtual Arsenal Structure&nbsp;</p>



<p>Let's go to analyze the various elements:</p>



<ul><li><strong>bios.bin:</strong> is the QEMU seabios, an open source implementation of an x86 BIOS.</li><li><strong>core: </strong>is the original image of the Tiny Linux base</li><li><strong>efi-e1000.rom: </strong>QEMU custom ROM image.</li><li><strong>en-us: </strong>the mapping file for US keyboard layout.</li><li><strong>hda.mini.qcow2: </strong>QEMU QCOW2 Image (HD).</li><li><strong>kvmapic.bin</strong>: KVM in-kernel APIC support.</li><li><strong>qemu-system-i386: </strong>The QEMU PC System emulator;</li><li><strong>start.sh: </strong>the initialization script of the virtual machine.</li></ul>



<p>The content of the starting script is quite simple:&nbsp;</p>



<pre class="wp-block-code"><code>!/bin/shif [ -z "$1" ];then  ./qemu-system-i386 -m 166 -kernel vmlinuz -initrd core -hda hda.mini.qcow2 -append "tce=sda1 home=sda1 opt=sda1 noswap nozswap superuser" -net nic -net user,tftp=/,hostfwd=tcp::2222-:22 -curseselse  ./qemu-system-i386 -m 166 -kernel vmlinuz -initrd core -hda hda.mini.qcow2 -append "tce=sda1 home=sda1 opt=sda1 noswap nozswap superuser" -net nic -net user,tftp=/,hostfwd=tcp::19227-:22 -vnc none >/dev/null 2>&amp;1 &amp;fi</code></pre>



<p>The bash script is quite easy. It has the purpose to launch the QEMU emulator system: if no parameter is provided ($1), the script executes the first branch enabling port forwarding between guest 22 to host 2222, using the display library “curses”. This setup is to interact with the VM connecting through the host 2222 .</p>



<p>Without any parameter, the script configures the access through the usage of SSH, because the “curses” library is not listed and the VNC server is disabled. However, both the branches allow communication through the SSH protocol, in the first case starting the communication at the port 2222, in the second at the port 19227.</p>



<p>After the first overview of the configuration of the QEMU environment, we decided to deepen into the Virtual Machine by executing it.</p>



<h2>The QEMU system</h2>



<p>Starting the QEMU system, we obtained the first screen of the configuration of the QEMU system.</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh3.googleusercontent.com/Paw-z5lJ49DPQDtbDJsHIGOWlQQgCZt0zr4EsbOeNG8tVzctZbU7GzVb_gs47qLe9ww8cFJw1IkoS6wwEI9p4BiYGYBPQ6BkMKs9gDeOG04OLA1rEmJIxFXlq_RO2B6FwWQ2jHc" alt data-lazy-src="https://lh3.googleusercontent.com/Paw-z5lJ49DPQDtbDJsHIGOWlQQgCZt0zr4EsbOeNG8tVzctZbU7GzVb_gs47qLe9ww8cFJw1IkoS6wwEI9p4BiYGYBPQ6BkMKs9gDeOG04OLA1rEmJIxFXlq_RO2B6FwWQ2jHc?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh3.googleusercontent.com/Paw-z5lJ49DPQDtbDJsHIGOWlQQgCZt0zr4EsbOeNG8tVzctZbU7GzVb_gs47qLe9ww8cFJw1IkoS6wwEI9p4BiYGYBPQ6BkMKs9gDeOG04OLA1rEmJIxFXlq_RO2B6FwWQ2jHc" alt=""/></noscript></figure></div>



<p class="has-text-align-center">Figure. Arsenal boot up</p>



<p>The specific linux distribution adopted by the attackers is Tinycore Linux 7.2, a lightweight distro running on a 4.2.9 Linux kernel. It is interesting to notice that the Tiny Core 7.2 release is about 4 years old, but we have evidence it was still part of their cyber-arsenal during 2020.&nbsp;</p>



<p>So, we can hypothesize that the creation and the configuration of the virtual QEMU environment is 2016 and the threat actor continues to use that since that period, and, thus, that the group is using this technique at least from 2016.</p>



<p>Navigating the filesystem, we discovered a huge amount of tools for exploitation, privilege escalation, lateral movement and exfiltration.&nbsp;</p>



<h2>The Users</h2>



<p>Navigating all the filesystem and dissecting every malicious capability have been a challenging activity because we had to explore an entire modular VM with such many interesting artifacts. So, we started to see which are the users contained inside the “/etc/passwd” file.</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh4.googleusercontent.com/RhgsLhtFWW-QKIH7o4Vg7OsBV-ZegYf1at5fPpQCppvyQ12nsOz73iAhK4qV9apYoyy5ZMd9OBk8J4SH58VPTqne2nqZgLLR8ck1Dyn4NxUnMaEZ0hbAyqTn0KZFu99QCPsCijY" alt data-lazy-src="https://lh4.googleusercontent.com/RhgsLhtFWW-QKIH7o4Vg7OsBV-ZegYf1at5fPpQCppvyQ12nsOz73iAhK4qV9apYoyy5ZMd9OBk8J4SH58VPTqne2nqZgLLR8ck1Dyn4NxUnMaEZ0hbAyqTn0KZFu99QCPsCijY?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh4.googleusercontent.com/RhgsLhtFWW-QKIH7o4Vg7OsBV-ZegYf1at5fPpQCppvyQ12nsOz73iAhK4qV9apYoyy5ZMd9OBk8J4SH58VPTqne2nqZgLLR8ck1Dyn4NxUnMaEZ0hbAyqTn0KZFu99QCPsCijY" alt=""/></noscript></figure></div>



<p class="has-text-align-center">Figure. Virtual arsenal users configuration</p>



<p>Besides the “root” user, the base linux user with the highest level of privileges, we have, “lp” and “nobody” with no specific privileges; the first one is a sort of spooler service and the other one has no privileges and we didn’t find anything regarding the directory “/nonexistent” inside the disk image.</p>



<p>The default user of the TinyCore Linux distribution is “tc” was configured with password “ ” (empty space) and it is the user basically adopted by the attackers. The confirmation of this hypothesis is inside “/etc/fstab” configuration file where the user “tc” has three entries, as we can see below:</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh6.googleusercontent.com/H-BKA0pTdqWRUMT8qC9QQyax24CqEGxJGQfyzyCVemAAcp7gcqar6RP06GhDVFBcJjhU8x0jDdxEnfFqwJbm9_KXMfQOICfAmRAtYI-D52Olc_W1jbTDdo7hZpoSsG0apnrs8OI" alt data-lazy-src="https://lh6.googleusercontent.com/H-BKA0pTdqWRUMT8qC9QQyax24CqEGxJGQfyzyCVemAAcp7gcqar6RP06GhDVFBcJjhU8x0jDdxEnfFqwJbm9_KXMfQOICfAmRAtYI-D52Olc_W1jbTDdo7hZpoSsG0apnrs8OI?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh6.googleusercontent.com/H-BKA0pTdqWRUMT8qC9QQyax24CqEGxJGQfyzyCVemAAcp7gcqar6RP06GhDVFBcJjhU8x0jDdxEnfFqwJbm9_KXMfQOICfAmRAtYI-D52Olc_W1jbTDdo7hZpoSsG0apnrs8OI" alt=""/></noscript></figure></div>



<p class="has-text-align-center">Figure. FSTAB configuration</p>



<p>This mode of adding devices onto the virtual system is provided thanks to the command line of QEMU hypervisor application though the command “-append” which has the purpose of appending a new virtual disk to the basic core of the linux system.&nbsp;</p>



<p>Inside the virtual disk there is the complete post-exploitation arsenal adopted by this new powerful threat actor and this particular configuration enables it to perform a completely modular arsenal. In fact, the attackers could update only the virtual device letting the core of the VM unaltered by simply replacing the virtual QCOW2 disk.</p>



<p>The three most important directories are “deploy”, “python” and “responder”.&nbsp;</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh3.googleusercontent.com/NgdQj5WBCJrjOvnuByUiuDnL_ENhLW6_uytNzlOHEDq9GrDYYUtqNkNhX--lCZ6vx_94vgJY8IWb1GmpNJWkk8XVjqZiaEVB5d2P2n-tssZVqwFEojW4Wp4yGUDyLHD-0mBlNeA" alt data-lazy-src="https://lh3.googleusercontent.com/NgdQj5WBCJrjOvnuByUiuDnL_ENhLW6_uytNzlOHEDq9GrDYYUtqNkNhX--lCZ6vx_94vgJY8IWb1GmpNJWkk8XVjqZiaEVB5d2P2n-tssZVqwFEojW4Wp4yGUDyLHD-0mBlNeA?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh3.googleusercontent.com/NgdQj5WBCJrjOvnuByUiuDnL_ENhLW6_uytNzlOHEDq9GrDYYUtqNkNhX--lCZ6vx_94vgJY8IWb1GmpNJWkk8XVjqZiaEVB5d2P2n-tssZVqwFEojW4Wp4yGUDyLHD-0mBlNeA" alt=""/></noscript></figure></div>



<p class="has-text-align-center">Figure. TC user folder structure&nbsp;</p>



<h3>The “Deploy” Directory</h3>



<p>This directory contains many tools part of the cyber arsenal. It is composed of many types of executable binaries, scripts and archives such as .py, .exe, .txz, or .js. This is an indication that the repository is virtual-arsenal was originally designed to target different kind of machines, as needed.</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh4.googleusercontent.com/fX9iM1qQhuvXUCfciWm594GtRE4_WccugZRUBq7cmQo3U4FQAjah7ZogzEoZaZupVuAnmfphV0V1tBlvohxzzN8D9lS0vMsnkKTLaNICPhMYND8AWCV76nH6LDLDtdT-3KMhwjI" alt data-lazy-src="https://lh4.googleusercontent.com/fX9iM1qQhuvXUCfciWm594GtRE4_WccugZRUBq7cmQo3U4FQAjah7ZogzEoZaZupVuAnmfphV0V1tBlvohxzzN8D9lS0vMsnkKTLaNICPhMYND8AWCV76nH6LDLDtdT-3KMhwjI?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh4.googleusercontent.com/fX9iM1qQhuvXUCfciWm594GtRE4_WccugZRUBq7cmQo3U4FQAjah7ZogzEoZaZupVuAnmfphV0V1tBlvohxzzN8D9lS0vMsnkKTLaNICPhMYND8AWCV76nH6LDLDtdT-3KMhwjI" alt=""/></noscript></figure></div>



<p class="has-text-align-center">Figure. Deploy directory contents</p>



<p>Many of the sub-folder in this directory references known tools, most of them publicly available. For instance:</p>



<ul><li>LaZagne: historical tool to harvest credentials from heterogeneous environments such as Microsoft Windows, Linux based systems and Apple’s OSX.</li><li>UACME: tool to bypass user access control restrictions on Microsoft Windows environments.</li><li>Mimikatz: maybe the most popular post exploitation and privilege escalation tool even nowadays.</li><li>Bcwipe: a legit data wiping software able to permanently and selectively&nbsp; delete files in a unrecoverable way, showing the group have particular care in remaining unnoticed.&nbsp;</li><li>procdump: a sysinternal command-line utility to monitor and dump process memory.</li><li>Screen and screen_xp: contains custom recognizance tools to monitor the desktop screen of their targets.&nbsp;&nbsp;</li><li>tshd: contains a TinyShell backdoor - typical unix tool - but customized and compiled for Windows environments.</li></ul>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh6.googleusercontent.com/3zBX9lEYP1VREaot6xlm8T7g-AWRIc96fq-ujQ9_r4SVQxk2kRPTKZzhV0U0YKEdMyjPnz3e86Uo7rZnuE9EbjUZp-P2ZTRyRDkV-xBSPXwgVUtO1-Xt2XKDHaU5a9s19e9POlM" alt data-lazy-src="https://lh6.googleusercontent.com/3zBX9lEYP1VREaot6xlm8T7g-AWRIc96fq-ujQ9_r4SVQxk2kRPTKZzhV0U0YKEdMyjPnz3e86Uo7rZnuE9EbjUZp-P2ZTRyRDkV-xBSPXwgVUtO1-Xt2XKDHaU5a9s19e9POlM?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh6.googleusercontent.com/3zBX9lEYP1VREaot6xlm8T7g-AWRIc96fq-ujQ9_r4SVQxk2kRPTKZzhV0U0YKEdMyjPnz3e86Uo7rZnuE9EbjUZp-P2ZTRyRDkV-xBSPXwgVUtO1-Xt2XKDHaU5a9s19e9POlM" alt=""/></noscript></figure></div>



<p class="has-text-align-center">Figure. custom screen capture tool dynamics&nbsp;</p>



<figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/DSYhZbjXdXX-kQJ2qWGevl3jrUrVOJ4MJuIfCTKOQ74Bdyzj80INpqgvS9ON58Al4LFyrNRBvLHXy6sAglwiSlv15hNFoYm2PRJgl_UZPnWjZQZlhVZMxsiKVspVKTX3lbmKJZM" alt data-lazy-src="https://lh6.googleusercontent.com/DSYhZbjXdXX-kQJ2qWGevl3jrUrVOJ4MJuIfCTKOQ74Bdyzj80INpqgvS9ON58Al4LFyrNRBvLHXy6sAglwiSlv15hNFoYm2PRJgl_UZPnWjZQZlhVZMxsiKVspVKTX3lbmKJZM?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh6.googleusercontent.com/DSYhZbjXdXX-kQJ2qWGevl3jrUrVOJ4MJuIfCTKOQ74Bdyzj80INpqgvS9ON58Al4LFyrNRBvLHXy6sAglwiSlv15hNFoYm2PRJgl_UZPnWjZQZlhVZMxsiKVspVKTX3lbmKJZM" alt=""/></noscript></figure>



<p class="has-text-align-center">Figure. snippet from the customized TSHD backdoor for Windows</p>



<p>There are also some tools statically compiled such as winexe. The reason is to have tools that are self-contained and ready to execute and does not require any additional installations on the target machine.</p>



<h3>The “Python” Directory</h3>



<p>This directory is quite different from the previous one. It contains various exploits mainly written in python language. The first folder contains exploits for the well known MS17-010 vulnerability also known as the EternalBlue family. The code has been forked form the open source github repository <a href="https://github.com/worawit/MS17-010" target="_blank" rel="noopener">MS17-010</a> and contains python scripts to conduct EternalBlue, EternalChampion, EternalSynergy, EternalRomance attacks, along with old Windows 2000 exploits.</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh4.googleusercontent.com/Xvq2-2sTvBAIjrHV2R_tHQTa518yHV2zsytVzAHknmncgMPG0OeMVii_aC4Z4pm8YqF54EcHEOCmMYXAK3AwTQfjYmIb00wwCBPIhDQv3U5EHMUtWWCCVgxOWLK4Ar6C8kee61c" alt data-lazy-src="https://lh4.googleusercontent.com/Xvq2-2sTvBAIjrHV2R_tHQTa518yHV2zsytVzAHknmncgMPG0OeMVii_aC4Z4pm8YqF54EcHEOCmMYXAK3AwTQfjYmIb00wwCBPIhDQv3U5EHMUtWWCCVgxOWLK4Ar6C8kee61c?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh4.googleusercontent.com/Xvq2-2sTvBAIjrHV2R_tHQTa518yHV2zsytVzAHknmncgMPG0OeMVii_aC4Z4pm8YqF54EcHEOCmMYXAK3AwTQfjYmIb00wwCBPIhDQv3U5EHMUtWWCCVgxOWLK4Ar6C8kee61c" alt=""/></noscript></figure></div>



<p class="has-text-align-center">Figure. The “Python” directory</p>



<p>Inside the “python” directory, we also noticed the “pip-selfcheck.json” file, an installation artifact reporting the latest update of the cyber-arsenal dates back to 2018 as shown below:</p>



<figure class="wp-block-table"><table><tbody><tr><td>{"last_check":"2018-05-26T06:06:28Z","pypi_version":"10.0.1"}</td></tr></tbody></table></figure>



<p>Inside the “example” sub-folder there are many reconnaissance tools able to gather technical information from the target systems via SMB, WMI, ActiveDirectory, System registry, NFS, Netbios and so on. Tools really useful to gather information about the Microsoft Windows perimeter of the victim network.&nbsp;</p>



<p>The tools in the “examples” folder are actually borrowed from the “Impacket” open source collection available on <a href="https://github.com/SecureAuthCorp/impacket/tree/master/examples." target="_blank" rel="noopener">github</a>.</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh5.googleusercontent.com/tQwo4sxMstjTw_l5pEi4hGxO_BddYDbJv-0ojNsxI5VdcMLf5LEiveBZ2uwB8UC0UfLFcIY1oAUsw7KLOLChaVgiQqoNqAJY7WKXVPxVYY5gDJlh06cdRjTdeKJCvhfVNwtQppk" alt data-lazy-src="https://lh5.googleusercontent.com/tQwo4sxMstjTw_l5pEi4hGxO_BddYDbJv-0ojNsxI5VdcMLf5LEiveBZ2uwB8UC0UfLFcIY1oAUsw7KLOLChaVgiQqoNqAJY7WKXVPxVYY5gDJlh06cdRjTdeKJCvhfVNwtQppk?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh5.googleusercontent.com/tQwo4sxMstjTw_l5pEi4hGxO_BddYDbJv-0ojNsxI5VdcMLf5LEiveBZ2uwB8UC0UfLFcIY1oAUsw7KLOLChaVgiQqoNqAJY7WKXVPxVYY5gDJlh06cdRjTdeKJCvhfVNwtQppk" alt=""/></noscript></figure></div>



<p class="has-text-align-center">Figure. Contents of “example” sub-folder</p>



<h3>The “Responder” Directory</h3>



<p>This folder hosts the homonymous “Responder” tool. Responder is a LLMNR/NBT-NS/mDNS Poisoner written by Laurent Gaffie, and is able to listens on the wire for NetBIOS Name Service (NetBIOS) and Link-Local Multicast Name Resolution (LLMNR) broadcast and multicast requests for hostnames from other machines in the local subnet”.&nbsp; Executed with the right parameters is able to snoop on NetBios and LLMNR in order to steal&nbsp; NTLMv1/v2 password hash.</p>



<p>The presence of this type of tool inside the cyber arsenal of the attacker means the threat group is really dangerous: man in the middle attacks across the company network are part of their modus operandi so their intrusions could be really dangerous in poorly segregated networks.&nbsp;&nbsp;&nbsp;&nbsp;</p>



<p>Anyway, the 2.3 version of the Responder toolkit dates back to 2016, suggesting this tool was one of the first tools installed on the virtual-arsenal.</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh4.googleusercontent.com/N_KLXjBKmR0k3O_tfZcet1MDPp0GMJFJ9U2xeCTbV-cFLcy3dVr43UYtZskdxn7YKVBtcHZADF7nYWPSkel1IpUogqR84uxBSrAR585B2vIqFru6JHWLYaiVeedBXawHbRdQ5jA" alt data-lazy-src="https://lh4.googleusercontent.com/N_KLXjBKmR0k3O_tfZcet1MDPp0GMJFJ9U2xeCTbV-cFLcy3dVr43UYtZskdxn7YKVBtcHZADF7nYWPSkel1IpUogqR84uxBSrAR585B2vIqFru6JHWLYaiVeedBXawHbRdQ5jA?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh4.googleusercontent.com/N_KLXjBKmR0k3O_tfZcet1MDPp0GMJFJ9U2xeCTbV-cFLcy3dVr43UYtZskdxn7YKVBtcHZADF7nYWPSkel1IpUogqR84uxBSrAR585B2vIqFru6JHWLYaiVeedBXawHbRdQ5jA" alt=""/></noscript></figure></div>



<p class="has-text-align-center">Figure. Responder configuration</p>



<p>Inside the "Responder" directory there is also the "log" folder created during the first execution of the tool.</p>



<figure class="wp-block-table"><table><tbody><tr><td>07/09/2016 11:39:19 PM - Responder Started: ['./Responder.py', '-I', 'eth0']<br>07/09/2016 11:39:19 PM - Responder Config: Settings class:</td></tr></tbody></table></figure>



<h2>The Virtual-Arsenal Capabilities</h2>



<p>After the analysis, we identified all the tools stored inside the malicious virtual machine and we are able to classify them into the following categories:</p>



<ul><li>Enumeration (T1261):<ul><li>Using tools to enumerate users through various protocols such as LPAD, NETBIOS, Active Directory and RPC.</li></ul></li><li>Network communication (TA0011):<ul><li>Network pivoting communication using tcp, tftp, http tunnels</li><li>Packet manipulation tools like inpacket or scapy</li></ul></li><li>OS Credential Dumping (T1003):<ul><li>Harvesting credential stored inside user and system configuration through open-source tools like LaZagne.</li><li>Obtaining higher privileges and authentication tokens using escalation tools like Mimikatz or system process dumping, and bypassing OS protection such as UAC.&nbsp;</li></ul></li><li>Exploit (T1404):<ul><li>compromising remote systems abusing known 1-Day vulnerabilities such as the MS17-010 ones.</li></ul></li><li>Man-in-the-Middle (T1557):<ul><li>Engaging their targets with Man in the Middle attack to manipulate network interaction to obtain hashes and tokens (e.g. through Responder)</li></ul></li><li>Living-off-the-Land tools (T1218):<ul><li>Many legit tools such as sysinternal tools such as “procdump” are ready to be abused in the toolkit, also linux utilities like “winexe”, “find”, ”touch” “grep”, “head”, “less” or “wget” have been cross-compiled to be ready for deployment on Windows environments too.&nbsp;&nbsp;</li></ul></li></ul>



<p>All of them are compiled in different ways (static or dynamic) and written in different languages (javascript, assembly, python etc.). This TTP confirms that the QEMU virtual machine is a complete medium of post-exploitation framework, which could be customized according to every need coming from the attacker.&nbsp;</p>



<p>If we think about the classic Lockheed Martin Cyber Kill Chain, we can collocate the Virtual Machine role in its mid and latest phase, the “Lateral Movements” and the “Action and Objectives”. In fact, the QEMU virtual machine was manually controlled through an SSH tunnel by the attackers, and it has been used as a powerful framework.</p>



<h1>Conclusion</h1>



<p>This QEMU based virtual arsenal is not the only tool in the satchel of this blurred threat actor. They are also able to leverage 0Day exploits - such as the CVE-2020-14871 described in Early Warning bulletin <a href="https://yoroi.company/warning/grave-vulnerabilita-in-solaris/">N031120</a> - and to leverage completely custom implants and tools to get in and move laterally even in the most segregated network. Also, the pivoting abilities of the group are really notable and the customization of the thsd backdoor observed in the virtual-arsenal is just one element of their modus operandi.&nbsp;</p>



<p>Follow-up reports will better describe how these actors have leveraged their edge abilities to&nbsp; threaten even the most cyber-mature companies.&nbsp;</p>



<h1>Appendix</h1>



<h3>Indicator of Compromise</h3>



<p>Hash:</p>



<pre class="wp-block-code"><code>fb7426ad06ee17fae29e4a46e36d92e7ba7a7cefaeeac2741eca6c535a1b3128  tc/deploy/LaZagne/LaZagne-32bits
afa814290bfea15a47d3462ae32d94f82e66ee888f7c51caf34b3212723c22ad  tc/deploy/LaZagne/laZagne.exe
d3d4f88012dc5b7deec6c54bef21e17f720d58aa00c8a809eb36d47038ca8db8  tc/deploy/LaZagne/LaZagne-64bits
05732e84de58a3cc142535431b3aa04efbe034cc96e837f93c360a6387d8faad  tc/deploy/procdump/procdump.exe
5b0f3ad95531dc16bb8de255186be66bf134fbdea4c1fbee38c807d98992c20c  tc/deploy/procdump/run.bat
dd8a9c4c59a7c7b07f21a6b3ac60405ee4c796cb3b268a9f6bd07fcdfc25cebd  tc/deploy/screen/svhost.exe
d6d4b69a277eac02b8b79c5e734f80d6cf1e0a4e967729a20079f7815de53794  tc/deploy/UACME_2.8.8/UacInfo64.exe
5afa7bd2ec1cc2abc91b37b0f800e2af11f3c796450c618e0f40e41efe756640  tc/deploy/UACME_2.8.8/Akagi64.exe
0f04ed31f345a3fcfe2e6a4c9022f02847df785ff9cd82147fccea5122646eba  tc/deploy/UACME_2.8.8/Akagi32.exe
b90cbef385708ae3a47b4fc96299e3f7c2979af439ed79cb20b355718fa263f4  tc/deploy/UserEnum/userslist.txt
edf35acd8eeeba68af9113afdedc21dc7d4ecb549da09195a4a9f25f4eb9941f  tc/deploy/UserEnum/UserEnum_LDAP.py
6dd57af6bd2049a6382ac7169e44aadef9353b905feb75e96abaae57199d4188  tc/deploy/UserEnum/README.md
c1f409a02ad9584551a17a7321db2ad448c6b2e5731d224201c5a173fb873cce  tc/deploy/UserEnum/UserEnum_NBS.py
54ecffbe2e97a127ee6820c891ba13f0b7ea5558b33e1ee731bdb772e5b97deb  tc/deploy/UserEnum/UserEnum_RPC.py
ffa5e945163ffb23d26a5dde041802219b03692e7af409e621ef92d6692dfbaf  tc/deploy/tshd/head.exe
df4e2115c80d07ca4345ba92053dcc38c4002554677a04509d02669a50ab86bf  tc/deploy/tshd/cygwin1.dll
c2ef6fc419630d566154f8372e94859df8141d02805bc7bce39c726a1ffef7c1  tc/deploy/tshd/grep.exe
70c5e7cd2926bb9849cffa6ae1c5559baf0ec4e3c896ae28bf219c9008f4c2c7  tc/deploy/tshd/find.exe
365ac8a166174bbc89fb24b21bfcd0b015950495bdf384ab830dd96d25e4cee3  tc/deploy/tshd/w_conf.exe
3faebbd216d5e94b696288d3089fff6ecb29fc23e97ceb2ff355341ac740d6a5  tc/deploy/tshd/uudecode.exe
2c73707fc79ff78846cc3c85383d47e46e495ef223d58e1e2933787fcfc2566a  tc/deploy/tshd/uuencode.exe
1ac28b748404d58b9f0c62d1ee65e3b444c9ad3ac0abea299238090b764bc25b  tc/deploy/tshd/wget.exe
0dd4d924c9069992dd7b3e007c0f3ca149b7fb1ce0dfb74b37c7efc6e1aebb46  tc/deploy/tshd/svchost.exe
ca301cde5b700ef7160cdf1f3acc6710da59958b8613dbe0abd2fd8120dfc0ed  tc/deploy/tshd/tail.exe
73723541d7a3c60456d69f0edff955bfde9db6e255821f6aee11f5f2a8a6466b  tc/deploy/tshd/run.xml
dffffc9bfaa0b41674bbffcf93764f5d04e218a454dc5ab93a830f8ee19722a7  tc/deploy/tshd/touch.exe
edf649392001017219a27e07b9c33b3a1ebd074d1f0b769a6e8928833271b1c3  tc/deploy/nc_send/sendnc.py
a70334114ee71a28aab1f992a1a6ff5b894433066859f8bf87fe117b6b0dd288  tc/deploy/nc_send/outlooks.exe
7d33f24ae4c7b3024d5cec2a31420be857f0e547de8971dd6dea169119d4f348  tc/deploy/nc_send/tar.exe
875f234ed1c172ad8deca6d9c35270c1426d25765653600b2b899efa9f9a966f  tc/deploy/nc_send/nc.tar
50cf763baf747c0094885bc1d129fb97211c618e316ea476c0dfeffeddf9db42  tc/deploy/nc_send/mimi32.exe
b3ec0b621d523f8182cf8409cb1c3d29553d56442e75dcac964dfae82d2c1bc9  tc/deploy/nc_send/sendncmim.py
632be2363c7a13be6d5ce0dca11e387bd0a072cc962b004f0dcf3c1f78982a5a  tc/deploy/nc_send/mimi64.exe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  tc/deploy/nc_send/name_mimi_sysinit.exe
23e5fd457a251d3f87920727a12bcf2e70b30901597309564015eddd12b94a1c  tc/deploy/nc_send/mimi_old.exe
f5c1304be270e271e902f0229ab8d876c9ed63cbf4fe926dd1ab61f7335187a4  tc/deploy/mimi_uac/nc32.exe
a0ee6605e8fc9fd2c397b7cd7ddd1664b08e2e6c9f72ab9e658ec5859876da67  tc/deploy/mimi_uac/nc64.exe
8edb867830e81c060f715b365be834677949f3fb7b7649852e6087a0f8adb115  tc/deploy/mimi_uac/uac_status.txt
c27382fd82bd4af92905144b6b219c3b75cb001081f9ae683115d50d2df8382a  tc/deploy/mimi_uac/update.js
24aed7103a56557d5eddf54460cc9ae59e3f1ddc695c9d403e141c61e96059af  tc/deploy/mimi_uac/a.ps1
43c48658feb11645b32e26b8dd3db2736083047e1088cf813da75c95d50d17c5  tc/deploy/domain_loginlog/domain_loginlog.exe
77820dc7dba2412933210d7ea40c11640500b54d3ac14d317187a9c2f6a96645  tc/deploy/winexe-static-071026
8530dc274a9154a916af2595c4d48824e8b4015745cd452a634ae55d2786c902  tc/deploy/screen_XP/svhost.exe
0abc3962c668e457beb043c2455e30585e1da8732ab42e0130fd729a8dc7ebc4  tc/python/MS17-010/mysmb.py
f64024054e3e3c9cf011b27d768bd3692fa9430ae3ec39e4e7a18133d364300c  tc/python/MS17-010/infoleak_uninit.py
515284a34b406042f0eea228a5adaf705f674826999525f2d7c7f13512d5dc72  tc/python/MS17-010/nc8887.read
1b9833f28868d5a39d927f1a18f89073b82c322574b2214228201e35088314ed  tc/python/MS17-010/npp_control.py
34022a65a3eb93b109ed4c6e1233c6404197818a70f51ab654e2c7e474ee2539  tc/python/MS17-010/eternalblue_exploit8.py
f5c1304be270e271e902f0229ab8d876c9ed63cbf4fe926dd1ab61f7335187a4  tc/python/MS17-010/outlooks.exe
64cf03ed475f4486147cd2cedb78db4aa7164f57b3a2c25776ed1fb28853d7e5  tc/python/MS17-010/nc8887_.py
0b0949ea092aea52f258865b278702aa1d55558a3a349805fb970ee1439f7964  tc/python/MS17-010/checker.py
b60da0fe1946329c43fbde55fa3543510830b04959605e4b9f8ea75d4451d445  tc/python/MS17-010/exploit.py
a2ccf5c039464e67ff0a372f91f6e89999ee7c0ea44a6cba493e0aec28954023  tc/python/MS17-010/shellcode/eternalblue_sc_merge.py
493e3faaef103c8afd4d713b1447c5489e551892f42eba1b9383532024cdd107  tc/python/MS17-010/shellcode/eternalblue_kshellcode_x64.asm
a9fdd64ccc3dfba679dd796d4e3e42e1581f48555fb47d4662f1cb4191fe1a71  tc/python/MS17-010/shellcode/sc_all.bin
312d0e8913c9d1037669a73ce07f8df98af2a6a3c9c72cb2fbd29a7857686379  tc/python/MS17-010/shellcode/eternalblue_kshellcode_x86.asm
c174f89004c2fb3e91ab8233794d055340cd2a9520dc2be8b938ebccf1c74a74  tc/python/MS17-010/eternalblue7_exploit.py
7a0774c5872df12686735efc631aa83a78bf1b6211d77ccd9a2ae0ff0adfb58c  tc/python/MS17-010/nc8887.py
e9073f672596429eab45efe3e79e36e361fb220b71f4c47b32edbc6c51544494  tc/python/MS17-010/eternalsynergy_leak.py
3f106f73b51516fccb1d62265248ee03ccadf86377d66ef53a672729096d2cf3  tc/python/MS17-010/eternalromance_poc.py
2e2332d9119ca0075db133111ef9dfd5577cedc8df25d6a603755005a787178c  tc/python/MS17-010/BUG.txt
eb53bc507b64d43b3702bcabd662eddbbf468d8144e8d611fcca78bd7101cd08  tc/python/MS17-010/del_outlooks.py
2c84ce6f127ac559658ad2f5cbb5ead99c0bce27feae2f2cffcf0f1a5bc77f19  tc/python/MS17-010/eternalblue_poc.py
c49ec4e145fa4dfc63b5fe6655a84056304e61f776e3a4125b507d9f6d5fb315  tc/python/MS17-010/eternalromance_poc2.py
d20a5fce1a3fdd7b031e1f20a78206187541d6ba10d9e2d0a6472526cea2c746  tc/python/MS17-010/eternalchampion_poc.py
8e21af3c2840ff374ef5c4f98d5bd665482241c66d7fe1172023cb67ece80079  tc/python/MS17-010/README.md
99a4ded26895422707f7c92eca9c9d64212cc033c50010fb027fe32ab55386d9  tc/python/MS17-010/eternalblue_exploit7.py
2dfe1fc676fe8f5c949ac7a15491b4081a8dd8d11a3baa3442be539fe7e12e26  tc/python/MS17-010/42315.py
896610790bfa3554722518d81cd7692ba3cc963d1fd82bc6c57f7b2df7962625  tc/python/MS17-010/eternalchampion_leak.py
d37670ef452b3850d2a7d590ab3bee83902f3644cdba4e9b52fe8a2deb85402f  tc/python/MS17-010/eternalsynergy_poc.py
5e58130b5598379d83300aea616d3f21aa6037e50aa41bac59dcfb993873868c  tc/python/MS17-010/zzz_exploit.py
dd4798af2c60dd83852bb9f097bf82b332e6408d0c9362a477592397468553ca  tc/python/MS17-010/eternalchampion_poc2.py
89e30158f62eb2e60763bc9701d750e61ede148793b411c45898c0b36f467b78  tc/python/MS17-010/deluser.py
e2022ebe819476f715b10e441ef13171317c91cfaf553302c90b77ea686b72b5  tc/python/MS17-010/eternalromance_leak.py
5dd68dc09454edb1fa4f847819e3ae48fbedacef5413f2a9ef9957602a6ad97a  tc/python/MS17-010/adduser.py
624bcdae55baeef00cd11d5dfcfa60f68710a02  responder/LICENSE                                                                                                   
7ca9a5cb7034b04ea6060c7f7804997b9f8ba411  responder/README.md                                                                                                 
0833c52e7c2afce7ff357ee496bc2b3c6662edba  responder/Responder.conf                                                                                            
aca7fc6f37f789ef7a5816dce83ac4efaaa76a35  responder/Responder.py                                                                                              
90fa9a2d1db2e143eb2999f80a615f997b916407  responder/certs/gen-self-signed-cert.sh                                                                                       
cde48c263fe556d21f0dacfee746b73a9d0f843c  responder/certs/responder.crt                                                                                                 
9439fb0577b485bea2ab5515d22ce028b1edefd7  responder/certs/responder.key
3c1be1e572a4a475a4499d0c87979005a4927a1a  responder/files/AccessDenied.html
da35e993ca6b2f8a73bef404a32391ae2a6f6b3e responder/files/BindShell.exe
1bb89403f629f02091397a7c34e99c2e35b7e74  responder/poisoners/LLMNR.py
5e4d413602268e9bdabd48c486ecf164c3a188ea  responder/poisoners/LLMNR.pyc
aebe1412a78a904badfa7cbed4f3ece351af6a55 responder/poisoners/MDNS.py
a048219fd8fcef6a98cb2be309135e44efcec006  responder/poisoners/MDNS.pyc
5860c2fd3cd1a4e7203ff943753a7fbf656951dd  responder/poisoners/NBTNS.py
27deef9453ee7102f0bc42380a355124b6ad7d6a responder/ poisoners/NBTNS.pyc
da39a3ee5e6b4b0d3255bfef95601890afd80709  responder/poisoners/__init__.py
3e6de0af6b7c6c1aaaae7f4b5ecc3fc43c5b7859  responder/poisoners/__init__.pyc
874ed910bf04d409d3639c2e14776c452eb1755e  responder/tools/BrowserListener.py
8b1aac92e1a185855a4b5a2f55e14b9817f95aaa  responder/tools/DHCP.py
4b22f17fd4ec78fe4b11a98ad882970a7c55b9ef  responder/tools/DHCP_Auto.sh
cf80e9f2f99ed0778fe3ac209324bf9a84be6b1f  responder/tools/FindSMB2UPTime.py
ad09d51ecbdddd57cd0e1845ed6bd7a1c863a196  responder/tools/FindSQLSrv.py
511326ff4ed1876b6b59ccfe6b8471a27309ea00  responder/tools/Icmp-Redirect.py
3e6b7ffe886764b31757ce1bb0fd9a1854246a97  responder/tools/RelayPackets.py
23622c8ff7baea6cac44f08ff681b37a9ee9fdd1  responder/tools/SMBRelay.py
a29540e984808a029425be53ca93ce3f8fd79a27  responder/servers/Browser.py
5b1f743c91c868204348de30c2ba0dcc03b87833  responder/servers/Browser.pyc
e5dc55eecb82c1d40a4b3492ced9bf19f2dae0b4  responder/servers/DNS.py
40fa18da8bed7c4b8c42a5a038408988ab31ff82  responder/servers/DNS.pyc
7765a0a1b66a58ae487cf76c2ec43f88c767e8dd  responder/servers/FTP.py
6c03f7b5451a3b8bdc693a02dc61d0b78269a5d6  responder/servers/FTP.pyc
adaa025b5cf015769213738ead37ce7f032d203d  responder/servers/HTTP.py
d21d59dd2136e5fea0634a1cc6c7b36511025f67  responder/servers/HTTP.pyc
26939dee3f00cfca80ae62745fc4b8a987e93a49  responder/servers/HTTP_Proxy.py
10f4d968f6410179ea03a330984136cb6fffc83c  responder/servers/HTTP_Proxy.pyc
088b3ece595950ab4e471e4763bbd400ff1fca1f  responder/servers/IMAP.py
9f8014a0150badc732d07cfc381785975dee6cd7  responder/servers/IMAP.pyc
2e1ace2fc5a63000cf71510a02e3221880c094a4  responder/servers/Kerberos.py
6ceee9bf498f443817d8603ac1692c639ad8a59e  responder/servers/Kerberos.pyc
0bdac1da920a1c8177cf4f2abc147710f1b5ec09  responder/servers/LDAP.py
4cfc6d04b0311f27d170c860eb8ff7e05769a502  responder/servers/LDAP.pyc
e62c3b201a99501a626c35dc084a2201f59e2bd6  responder/servers/MSSQL.py
f49f6878303358fa15f87bd05041515605aab802  responder/servers/MSSQL.pyc
a095b50743189513f2c62033127dd5ab23e4c3ec  responder/servers/POP3.py
32dd92688f6ab0c57acbeb63ff3b093d90440a7e  responder/servers/POP3.pyc
8e229944b428f675d27a5c99e71496907a9a17d1  responder/servers/SMB.py
2533c2a30cb4f06d8c5fa9259e7d3d42ea40ca22  responder/servers/SMB.pyc
a472ed6415e0c00c4c4320468dcb65256138ffa5  responder/servers/SMTP.py
ad49be1fe6e6e732b875bac888d693a7c39f8132  responder/servers/SMTP.pyc
da39a3ee5e6b4b0d3255bfef95601890afd80709  responder/servers/__init__.py
369a6285d5047feadc3bad34bd5d914766672b81  responder/servers/__init__.pyc                                                                                                                                                                       
ef7d632acf72b04b6cf7500b21c4c8efe7612d4a  responder/fingerprint.py                                                                                            
 4c9b5680c7575e0c08c8ff1511e4553c0136c743  responder/fingerprint.pyc                                                                                                                                                                                                                                                              
a8236535d40dfdd2ae9b24aecbf1ba7e65313ce3  responder/odict.py                                                                                                  
718d1d180ff58c198713bb27544f5f8fe5b35fc6  responder/odict.pyc                                                                                                 
cc8af2c71cc4cead9ee99c268e075d2e0cb8f32d  responder/packets.py                                                                                                
 de600e4c57efc08ac86c63ee3a003955fc00bdc6  responder/packets.pyc                                                                                                                                                                                                                                                                 
2cdc364e88955d8176e32e2c35026d325883c157  responder/settings.py                                                                                               
7e73cf9b4b59db4df95c8d00915ba2370b8cb538  responder/settings.pyc                                                                                                                                                                                                                                                                           
9e6a51c50ec8c9bec41ca2c060c2029f36997a67  responder/utils.py                                                                                                  
0a26c8278351f8969e7b1c63f8e4ed69cc087925  responder/utils.pyc 
</code></pre>



<p>Yara Rules:</p>



<pre class="wp-block-code"><code>import "pe"
import "math"

rule svchost_backdoor_UNC1945{
	meta:
  	description = "Yara Rule for svchost.exe backdoor of the UNC1945 arsenal"
        hash=”428b47caf74ce986bc3688262355d5b7”
  	author = "Yoroi Malware Zlab"
  	last_updated = "2020_11_20"
  	tlp = "white"
  	category = "informational"
  
strings:
$s1="PROXYHOST"	
$s2="PROXYPORT"
$s3="USERNAME"
$s4="PASSWORD"
$s5="ENDPOINT"
$s6="/cygdrive/c/windows/system32.log"
$s7={40 20 36 [4] C7 40 24 36 [4] C7 40 28}

condition:
   uint16(0) == 0x5A4D and
   uint32(uint32(0x3C)) == 0x00004550 and pe.number_of_sections == 5 and

for any i in (0..pe.number_of_sections -1 ) : (
math.entropy(pe.sections[i].raw_data_offset, pe.sections[i].raw_data_size) > 7.2781 and pe.sections[i].name==".data" ) and ( pe.sections[2].name=="/4" ) and all of them }
</code></pre>



<p class="has-text-align-center"><em>This blog post was authored by Luigi Martire, Antonio Pirozzi and Luca Mella of Yoroi Malware ZLAB</em></p>
</span></div></div></section></div></main><footer id="section-3-8" class=" ct-section footer" ><div class="ct-section-inner-wrap"><div id="new_columns-5-8" class="ct-new-columns footer__cols" ><div id="div_block-6-8" class="ct-div-block" ><div id="div_block-16-8" class="ct-div-block footer__container" ><h4 id="headline-22-8" class="ct-headline footer__heading">Seat</h4><div id="text_block-24-8" class="ct-text-block footer__text" >Yoroi S.r.l.</div><a id="link_text-48-8" class="ct-link-text footer__link" href="https://maps.google.com/?q=Via%20Giovanni%20Battista%20Martini%206,%20Roma%20RM,%2000198" target="_blank">Piazza Sallustio, 9<br>00187 Roma (RM)</a></div><div id="div_block-19-8" class="ct-div-block footer__container" ><h4 id="headline-51-8" class="ct-headline footer__heading">Contact</h4><a id="link_text-127-8" class="ct-link-text footer__link" href="/cdn-cgi/l/email-protection#0b62656d644b7264796462256864667b6a6572" target="_blank"><span class="__cf_email__" data-cfemail="e1888f878ea1988e938e88cf828e8c91808f98">[email&#160;protected]</span></a><a id="link_text-176-8" class="ct-link-text footer__link" href="tel:+39%20051%200301005" target="_blank"  >+39 051 0301005</a></div><div id="div_block-20-8" class="ct-div-block footer__container" ><h4 id="headline-53-8" class="ct-headline footer__heading">Legal</h4><a id="link_text-134-8" class="ct-link-text footer__link" href="https://yoroi.company/terms-conditions" target="_blank"  >Terms &amp; Conditions</a><a id="link_text-132-8" class="ct-link-text footer__link" href="https://yoroi.company/privacy-policy/" target="_blank"  >Privacy Policy</a><a id="link_text-185-8" class="ct-link-text footer__link" href="https://yoroi.company/cookie/" target="_blank"  >Cookie Policy</a></div><div id="div_block-21-8" class="ct-div-block footer__container" ><h4 id="headline-55-8" class="ct-headline footer__heading">Warning system</h4><a id="link_text-140-8" class="ct-link-text footer__link" href="https://yoroi.company/downloads/" target="_self"  >Subscribe to our early warning system</a><a id="link_text-149-8" class="ct-link-text footer__link" href="https://yoroi.company/downloads/" target="_self"  >Downloads</a><a id="link_text-141-8" class="ct-link-text footer__link" href="https://yoroi.company/news/" target="_self"  >News</a></div></div><div id="div_block-7-8" class="ct-div-block " ><div id="div_block-27-8" class="ct-div-block footer__box" ><div id="div_block-30-8" class="ct-div-block" ><h4 id="headline-28-8" class="ct-headline footer__heading">Social</h4><div id="_social_icons-62-8" class="oxy-social-icons" ><a href='https://www.facebook.com/weareyoroi/' target='_blank' class='oxy-social-icons-facebook'><svg><use xlink:href='#oxy-social-icons-icon-facebook'></use></svg></a><a href='https://twitter.com/yoroisecurity' target='_blank' class='oxy-social-icons-twitter'><svg><use xlink:href='#oxy-social-icons-icon-twitter'></use></svg></a><a href='https://www.linkedin.com/company/yoroi/' target='_blank' class='oxy-social-icons-linkedin'><svg><use xlink:href='#oxy-social-icons-icon-linkedin'></use></svg></a><a href='https://www.youtube.com/channel/UCb3woWzGtRO8tYHHpje3AMA' target='_blank' class='oxy-social-icons-youtube'><svg><use xlink:href='#oxy-social-icons-icon-youtube'></use></svg></a></div></div></div></div></div><div id="new_columns-32-8" class="ct-new-columns footer__cols" ><div id="div_block-33-8" class="ct-div-block" ><div id="div_block-44-8" class="ct-div-block footer__box" ><div id="text_block-180-8" class="ct-text-block footer__text" >P.IVA. 03407741200 - R.E.A. RM 1559639 - Codice Fiscale 03407741200 - Capitale Sociale: Euro 100.000 IV</div><div id="text_block-45-8" class="ct-text-block footer__text" >Yoroi S.r.l. società soggetta ad attività di direzione e coordinamento esercitata dalla Tinexta S.p.A.</div></div></div><div id="div_block-40-8" class="ct-div-block " ><div id="div_block-41-8" class="ct-div-block footer__box footer__box--end" ><a id="link-179-8" class="ct-link" href="https://www.trusted-introducer.org/directory/teams/cert-yoroi.html" target="_self"  ><img id="image-177-8" alt="" src="https://yoroi.company/wp-content/uploads/2021/09/logo_tinexta-ai_3.png" class="ct-image" data-lazy="true"/></a><a id="link-182-8" class="ct-link" href="https://www.trusted-introducer.org/directory/teams/cert-yoroi.html" target="_self"  ><img id="image-183-8" alt="" src="https://yoroi.company/wp-content/uploads/2021/03/image-16.png" class="ct-image"/></a><div id="div_block-42-8" class="ct-div-block" ><a id="link-124-8" class="ct-link" href="https://yoroi.company/" target="_self"  ><img id="image-123-8" alt="Logo" src="https://yoroi.company/wp-content/uploads/2021/10/LOGO_YOROI_TC_WHITE-1.png" class="ct-image"/></a></div></div></div></div><div id="credits" class="ct-div-block" ><p id="simplenetworks" class="ct-text-block" >credits: <b>SimpleNetworks</b></p></div></div></footer><div id="code_block-133-8" class="ct-code-block" ><div class="cursor-dot-outline"></div>
<div class="cursor-dot"></div></div>            <div class="oxy-modal-backdrop  "
                style="background-color: rgba(0,0,0,0.5);"
                data-trigger="user_clicks_element"                data-trigger-selector="#link_text-140-8"                data-trigger-time="5"                data-trigger-time-unit="seconds"                data-close-automatically="no"                data-close-after-time="10"                data-close-after-time-unit="seconds"                data-trigger_scroll_amount="50"                data-trigger_scroll_direction="down"	            data-scroll_to_selector=""	            data-time_inactive="60"	            data-time-inactive-unit="seconds"	            data-number_of_clicks="3"	            data-close_on_esc="on"	            data-number_of_page_views="3"                data-close-after-form-submit="no"                data-open-again="always_show"                data-open-again-after-days="3"            >

                <div id="modal-168-8" class="ct-modal modal" ><a id="link_button-169-8" class="ct-link-button oxy-close-modal close-button" href="http://" target="_self"  >×</a><div id="div_block-170-8" class="ct-div-block modal__content" ><h3 id="headline-171-8" class="ct-headline modal__heading">Subscribe to our early warning system</h3><div id="shortcode-174-8" class="ct-shortcode shortcode-form" ><div role="form" class="wpcf7" id="wpcf7-f223-o1" lang="en-US" dir="ltr">
<div class="screen-reader-response"><p role="status" aria-live="polite" aria-atomic="true"></p> <ul></ul></div>
<form action="/research/shadows-from-the-past-threaten-italian-enterprises/#wpcf7-f223-o1" method="post" class="wpcf7-form init" novalidate="novalidate" data-status="init">
<div style="display: none;">
<input type="hidden" name="_wpcf7" value="223" />
<input type="hidden" name="_wpcf7_version" value="5.5.2" />
<input type="hidden" name="_wpcf7_locale" value="en_US" />
<input type="hidden" name="_wpcf7_unit_tag" value="wpcf7-f223-o1" />
<input type="hidden" name="_wpcf7_container_post" value="0" />
<input type="hidden" name="_wpcf7_posted_data_hash" value="" />
<input type="hidden" name="_wpcf7_recaptcha_response" value="" />
</div>
<div class="form__field">
   <label class="form__label">Name *</label><br />
   <span class="wpcf7-form-control-wrap warning-name"><input type="text" name="warning-name" value="" size="40" class="wpcf7-form-control wpcf7-text wpcf7-validates-as-required form__input" aria-required="true" aria-invalid="false" /></span>
</div>
<div class="form__field">
   <label class="form__label">Last Name *</label><br />
   <span class="wpcf7-form-control-wrap warning-lastname"><input type="text" name="warning-lastname" value="" size="40" class="wpcf7-form-control wpcf7-text wpcf7-validates-as-required form__input" aria-required="true" aria-invalid="false" /></span>
</div>
<div class="form__field">
   <label class="form__label">Company *</label><br />
   <span class="wpcf7-form-control-wrap warning-company"><input type="text" name="warning-company" value="" size="40" class="wpcf7-form-control wpcf7-text wpcf7-validates-as-required form__input" aria-required="true" aria-invalid="false" /></span>
</div>
<div class="form__field">
   <label class="form__label">Email *</label><br />
   <span class="wpcf7-form-control-wrap warning-email"><input type="email" name="warning-email" value="" size="40" class="wpcf7-form-control wpcf7-text wpcf7-email wpcf7-validates-as-required wpcf7-validates-as-email form__input" aria-required="true" aria-invalid="false" /></span>
</div>
<div class="form__field">
   <label class="form__label">Details</label><br />
   <span class="wpcf7-form-control-wrap warning-textarea"><textarea name="warning-textarea" cols="40" rows="10" class="wpcf7-form-control wpcf7-textarea form__input" aria-invalid="false"></textarea></span>
</div>
<div class="form__field">
   <label class="form__terms"><br />
      <span class="wpcf7-form-control-wrap warning-acceptance"><span class="wpcf7-form-control wpcf7-acceptance"><span class="wpcf7-list-item"><input type="checkbox" name="warning-acceptance" value="1" aria-invalid="false" class="form__checkbok" /></span></span></span><br />
      <span>Io sottoscritto dichiaro di aver letto e compreso l’<a href="https://yoroi.company/privacy-policy/" target="_blank">informativa privacy</a> resa ai sensi dell’art. 13 e autorizzo il Titolare del trattamento alla raccolta dei miei dati personali secondo le modalità e per le finalità ivi descritte.<span><br />
   </label>
</div>
<div class="form__field">
   <label class="form__terms"><br />
      <span class="wpcf7-form-control-wrap warning-acceptance-commercial"><span class="wpcf7-form-control wpcf7-acceptance optional"><span class="wpcf7-list-item"><input type="checkbox" name="warning-acceptance-commercial" value="1" aria-invalid="false" class="form__checkbok" /></span></span></span><br />
      <span>Io sottoscritto autorizzo il Titolare del trattamento alla raccolta dei miei dati personali secondo le modalità descritte nell’<a href="https://yoroi.company/privacy-policy/" target="_blank">informativa privacy</a> per l’invio di comunicazioni commerciali e/o promozionali anche tramite l’invio di newsletter<span><br />
   </label>
</div>
<input type="hidden" name="list" value="6" class="wpcf7-form-control wpcf7-hidden" />
<input type="hidden" name="apgroup" value="52" class="wpcf7-form-control wpcf7-hidden" />
<input type="hidden" name="origin" value="early-warning" class="wpcf7-form-control wpcf7-hidden" />
<div class="form__field">
<input type="submit" value="Send" class="wpcf7-form-control has-spinner wpcf7-submit form__submit button button--redshadow" />
</div>
<div class="wpcf7-response-output" aria-hidden="true"></div></form></div></div></div></div>
            </div>
        <div id="code_block-181-8" class="ct-code-block" ></div>	<!-- WP_FOOTER -->
<!-- wpcom_wp_footer -->
<script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script defer id='bilmur' data-provider='wordpress.com' data-service='atomic' src='https://s0.wp.com/wp-content/js/bilmur.min.js?m=202151'></script>
<!--googleoff: all--><div id="cookie-law-info-bar" data-nosnippet="true"><span><div class="cli-bar-container cli-style-v2"><div class="cli-bar-message">Questo sito, come la maggior parte dei siti web, utilizza cookie, anche di terze parti, per migliorare la tua esperienza di navigazione e raccogliere informazioni sull'utilizzo del sito stesso. Cliccando su "Accetta tutti" ti dichiari d'accordo all'utilizzo di cookie analitici (che ci aiutano a capire in che modo gli utenti usano il sito e come migliorarlo, insieme ai nostri servizi) e di tracciamento (inclusi quelli di nostri partner di fiducia) che ci aiutano a decidere quali prodotti mostrarti, a misurare il volume di visite sul nostro sito e a darti la possibilità di mettere "mi piace" e di condividere contenuti direttamente sui social media. Clicca <a id="qui" style="color: #cc071e">qui</a> per vedere a cosa hai dato il tuo consenso e trovare più informazioni sui cookie che utilizziamo.</div><div class="cli-bar-btn_container"><a href="https://yoroi.company/cookie/" id="CONSTANT_OPEN_URL" target="_blank"  class="cli-plugin-main-link"  style="display:inline-block; margin:0px 5px 0px 0px; " >Read More</a><a role='button' tabindex='0' class="medium cli-plugin-button cli-plugin-main-button cli_settings_button" style="margin:0px 5px 0px 0px;" >Gestisci Impostazioni</a><a role='button' tabindex='0' id="cookie_action_close_header_reject"  class="medium cli-plugin-button cli-plugin-main-button cookie_action_close_header_reject cli_action_button"  data-cli_action="reject">Reject All</a><a id="wt-cli-accept-all-btn" tabindex="0" role='button' data-cli_action="accept_all"  class="wt-cli-element medium cli-plugin-button wt-cli-accept-all-btn cookie_action_close_header cli_action_button" >Accetta tutti</a> </div></div> </span></div><div id="cookie-law-info-again" style="display:none;" data-nosnippet="true"><span id="cookie_hdr_showagain">Manage consent</span></div><div class="cli-modal" data-nosnippet="true" id="cliSettingsPopup" tabindex="-1" role="dialog" aria-labelledby="cliSettingsPopup" aria-hidden="true">
  <div class="cli-modal-dialog" role="document">
	<div class="cli-modal-content cli-bar-popup">
	  	<button type="button" class="cli-modal-close" id="cliModalClose">
			<svg class="" viewBox="0 0 24 24"><path d="M19 6.41l-1.41-1.41-5.59 5.59-5.59-5.59-1.41 1.41 5.59 5.59-5.59 5.59 1.41 1.41 5.59-5.59 5.59 5.59 1.41-1.41-5.59-5.59z"></path><path d="M0 0h24v24h-24z" fill="none"></path></svg>
			<span class="wt-cli-sr-only">Close</span>
	  	</button>
	  	<div class="cli-modal-body">
			<div class="cli-container-fluid cli-tab-container">
	<div class="cli-row">
		<div class="cli-col-12 cli-align-items-stretch cli-px-0">
			<div class="cli-privacy-overview">
				<h4>Privacy Overview</h4>				<div class="cli-privacy-content">
					<div class="cli-privacy-content-text">Questo sito, come la maggior parte dei siti web, utilizza cookie, anche di terze parti, per migliorare la tua esperienza di navigazione e raccogliere informazioni sull'utilizzo del sito stesso.</div>
				</div>
				<a class="cli-privacy-readmore"  aria-label="Show more" tabindex="0" role="button" data-readmore-text="Show more" data-readless-text="Show less"></a>			</div>
		</div>
		<div class="cli-col-12 cli-align-items-stretch cli-px-0 cli-tab-section-container">
												<div class="cli-tab-section">
						<div class="cli-tab-header">
							<a role="button" tabindex="0" class="cli-nav-link cli-settings-mobile" data-target="necessary" data-toggle="cli-toggle-tab">
								Necessary							</a>
							<div class="wt-cli-necessary-checkbox">
                        <input type="checkbox" class="cli-user-preference-checkbox"  id="wt-cli-checkbox-necessary" data-id="checkbox-necessary" checked="checked"  />
                        <label class="form-check-label" for="wt-cli-checkbox-necessary">Necessary</label>
                    </div>
                    <span class="cli-necessary-caption">Always Enabled</span> 						</div>
						<div class="cli-tab-content">
							<div class="cli-tab-pane cli-fade" data-id="necessary">
								<div class="wt-cli-cookie-description">
									I cookie funzionali contribuiscono al buon funzionamento del nostro sito e ti permettono di creare un account, accedere e gestire le tue prenotazioni. Questi cookie ricordano la lingua e la valuta che hai selezionato, le tue ricerche passate e altre preferenze. Si tratta di cookie tecnici che devono essere attivati per poter utilizzare il nostro sito e i nostri servizi.
<table class="cookielawinfo-row-cat-table cookielawinfo-winter"><thead><tr><th class="cookielawinfo-column-1">Cookie</th><th class="cookielawinfo-column-3">Duration</th><th class="cookielawinfo-column-4">Description</th></tr></thead><tbody><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">pll_language</td><td class="cookielawinfo-column-3">1 year</td><td class="cookielawinfo-column-4">The pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way.</td></tr></tbody></table>								</div>
							</div>
						</div>
					</div>
																	<div class="cli-tab-section">
						<div class="cli-tab-header">
							<a role="button" tabindex="0" class="cli-nav-link cli-settings-mobile" data-target="performance" data-toggle="cli-toggle-tab">
								Performance							</a>
							<div class="cli-switch">
                        <input type="checkbox" id="wt-cli-checkbox-performance" class="cli-user-preference-checkbox"  data-id="checkbox-performance"  />
                        <label for="wt-cli-checkbox-performance" class="cli-slider" data-cli-enable="Enabled" data-cli-disable="Disabled"><span class="wt-cli-sr-only">Performance</span></label>
                    </div>						</div>
						<div class="cli-tab-content">
							<div class="cli-tab-pane cli-fade" data-id="performance">
								<div class="wt-cli-cookie-description">
									Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
								</div>
							</div>
						</div>
					</div>
																	<div class="cli-tab-section">
						<div class="cli-tab-header">
							<a role="button" tabindex="0" class="cli-nav-link cli-settings-mobile" data-target="analytics" data-toggle="cli-toggle-tab">
								Analytics							</a>
							<div class="cli-switch">
                        <input type="checkbox" id="wt-cli-checkbox-analytics" class="cli-user-preference-checkbox"  data-id="checkbox-analytics"  />
                        <label for="wt-cli-checkbox-analytics" class="cli-slider" data-cli-enable="Enabled" data-cli-disable="Disabled"><span class="wt-cli-sr-only">Analytics</span></label>
                    </div>						</div>
						<div class="cli-tab-content">
							<div class="cli-tab-pane cli-fade" data-id="analytics">
								<div class="wt-cli-cookie-description">
									I cookie analitici ci aiutano a capire in che modo i clienti come te utilizzano questo sito. In questo modo possiamo migliorare il sito, le app e le comunicazioni e assicurarci di offrire sempre contenuti interessanti e rilevanti.
<table class="cookielawinfo-row-cat-table cookielawinfo-winter"><thead><tr><th class="cookielawinfo-column-1">Cookie</th><th class="cookielawinfo-column-3">Duration</th><th class="cookielawinfo-column-4">Description</th></tr></thead><tbody><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">_ga</td><td class="cookielawinfo-column-3">2 years</td><td class="cookielawinfo-column-4">The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">_gat_gtag_UA_209986505_1</td><td class="cookielawinfo-column-3">1 minute</td><td class="cookielawinfo-column-4">Set by Google to distinguish users.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">_gid</td><td class="cookielawinfo-column-3">1 day</td><td class="cookielawinfo-column-4">Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">CONSENT</td><td class="cookielawinfo-column-3">2 years</td><td class="cookielawinfo-column-4">YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.</td></tr></tbody></table>								</div>
							</div>
						</div>
					</div>
																	<div class="cli-tab-section">
						<div class="cli-tab-header">
							<a role="button" tabindex="0" class="cli-nav-link cli-settings-mobile" data-target="advertisement" data-toggle="cli-toggle-tab">
								Marketing							</a>
							<div class="cli-switch">
                        <input type="checkbox" id="wt-cli-checkbox-advertisement" class="cli-user-preference-checkbox"  data-id="checkbox-advertisement"  />
                        <label for="wt-cli-checkbox-advertisement" class="cli-slider" data-cli-enable="Enabled" data-cli-disable="Disabled"><span class="wt-cli-sr-only">Marketing</span></label>
                    </div>						</div>
						<div class="cli-tab-content">
							<div class="cli-tab-pane cli-fade" data-id="advertisement">
								<div class="wt-cli-cookie-description">
									Questo sito e i nostri partner di fiducia usano cookie di terze parti per mostrare messaggi pubblicitari personalizzati su questo sito e su altri siti in base alla tua cronologia di navigazione. Questi cookie vengono usati per integrare i social media sul nostro sito, in modo che tu possa mettere "mi piace" sulle nostre pagine o sui nostri prodotti e condividerli sui social.
<table class="cookielawinfo-row-cat-table cookielawinfo-winter"><thead><tr><th class="cookielawinfo-column-1">Cookie</th><th class="cookielawinfo-column-3">Duration</th><th class="cookielawinfo-column-4">Description</th></tr></thead><tbody><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">VISITOR_INFO1_LIVE</td><td class="cookielawinfo-column-3">5 months 27 days</td><td class="cookielawinfo-column-4">A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">YSC</td><td class="cookielawinfo-column-3">session</td><td class="cookielawinfo-column-4">YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">yt-remote-connected-devices</td><td class="cookielawinfo-column-3">never</td><td class="cookielawinfo-column-4">YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">yt-remote-device-id</td><td class="cookielawinfo-column-3">never</td><td class="cookielawinfo-column-4">YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">yt.innertube::nextId</td><td class="cookielawinfo-column-3">never</td><td class="cookielawinfo-column-4">This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">yt.innertube::requests</td><td class="cookielawinfo-column-3">never</td><td class="cookielawinfo-column-4">This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.</td></tr></tbody></table>								</div>
							</div>
						</div>
					</div>
																	<div class="cli-tab-section">
						<div class="cli-tab-header">
							<a role="button" tabindex="0" class="cli-nav-link cli-settings-mobile" data-target="others" data-toggle="cli-toggle-tab">
								Others							</a>
							<div class="cli-switch">
                        <input type="checkbox" id="wt-cli-checkbox-others" class="cli-user-preference-checkbox"  data-id="checkbox-others"  />
                        <label for="wt-cli-checkbox-others" class="cli-slider" data-cli-enable="Enabled" data-cli-disable="Disabled"><span class="wt-cli-sr-only">Others</span></label>
                    </div>						</div>
						<div class="cli-tab-content">
							<div class="cli-tab-pane cli-fade" data-id="others">
								<div class="wt-cli-cookie-description">
									Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
								</div>
							</div>
						</div>
					</div>
										</div>
	</div>
</div>
	  	</div>
	  	<div class="cli-modal-footer">
			<div class="wt-cli-element cli-container-fluid cli-tab-container">
				<div class="cli-row">
					<div class="cli-col-12 cli-align-items-stretch cli-px-0">
						<div class="cli-tab-footer wt-cli-privacy-overview-actions">
						
															<a id="wt-cli-privacy-save-btn" role="button" tabindex="0" data-cli-action="accept" class="wt-cli-privacy-btn cli_setting_save_button wt-cli-privacy-accept-btn cli-btn">SAVE & ACCEPT</a>
													</div>
												<div class="wt-cli-ckyes-footer-section">
							<div class="wt-cli-ckyes-brand-logo">Powered by <a href="https://www.cookieyes.com/"><img src="https://yoroi.company/wp-content/plugins/cookie-law-info/public/images/logo-cookieyes.svg" alt="CookieYes Logo"></a></div>
						</div>
						
					</div>
				</div>
			</div>
		</div>
	</div>
  </div>
</div>
<div class="cli-modal-backdrop cli-fade cli-settings-overlay"></div>
<div class="cli-modal-backdrop cli-fade cli-popupbar-overlay"></div>
<!--googleon: all--><script type="module" src="https://yoroi.company/wp-content/assets/js/countUp.min.js"></script>
<script src="https://yoroi.company/wp-content/assets/js/counters.js" type="module"></script>
<script src="https://yoroi.company/wp-content/assets/js/parallax.min.js"></script>
<script async src="https://cdn.jsdelivr.net/npm/intersection-observer@0.7.0/intersection-observer.js"></script>
<script async src="https://cdn.jsdelivr.net/npm/vanilla-lazyload@12.4.0/dist/lazyload.min.js"></script>	
<script>	
    console.log("%c 🛡️ YOROI® 🛡️", "font-weight: bold; color: #c40030; font-size: 80px; text-align: center");
    window.lazyLoadOptions = {	
        elements_selector: '[data-lazy="true"]'
    };
</script>
<script>
window.onload = (event) => {
  document.querySelectorAll('.cli-tab-section').forEach((e) => {
    if (!e.querySelector('table.cookielawinfo-row-cat-table')) {
        e.style.display = 'none';
    }
  });
	
document.querySelector('#qui').addEventListener('click', () => {
  document.querySelector('#cookie-law-info-bar > span > div > div.cli-bar-btn_container > a.medium.cli-plugin-button.cli-plugin-main-button.cli_settings_button').click()
});

};</script><nav id="sm-menu-26" class="sm-menu sm-menu-26 sm-right sm-cover sm-effect-1 sm-navmenu-mobile-menu-eng" data-id="26"><div class="sm-main-level sm-level sm-has-wrapper-bg"  data-level="1" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner"><div class="sm-close sm-level-component sm-position-left">	<span>		<a href="#" title="Close"><i class="_mi _before genericon genericon-close-alt" aria-hidden="true"></i></a>	</span></div>	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>mobile-menu-eng</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center"><li id="menu-item-227" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-227 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/defence-center/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Defence center</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
<li id="menu-item-226" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-226 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
<li id="menu-item-4194" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4194 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Solutions</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="2" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Solutions</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">	<li id="menu-item-4195" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4195 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Before Attack</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="3" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Before Attack</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">		<li id="menu-item-4210" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-4210 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/technologies/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Technologies</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="4" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Technologies</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">			<li id="menu-item-4219" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-4219 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4216" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4216 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/dns-defence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">DNS Defence</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4218" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4218 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/kanwa/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Kanwa</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4217" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4217 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/genku/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Genku</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4215" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4215 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/digital-surveillance/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Digital Surveillance</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
		<li id="menu-item-4209" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-4209 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/services/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Services</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="4" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Services</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">			<li id="menu-item-4222" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4222 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/security-compliance/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Infrastructure &#038; Systems compliance</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4225" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4225 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/scam-protection/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Scam Protection</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4224" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4224 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/scada-security/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">SCADA Security</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4221" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4221 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/early-warning/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Early Warning</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4230" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4230 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/wi-fi-infrastructure-assessment/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Wi-Fi Infrastructure Assessment</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4229" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4229 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/vulnerability-assessment/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Vulnerability Assessment</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4220" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4220 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/targeted-attack-simulation/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Adversarial Simulation</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4228" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4228 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/cert-computer-emergency-response-team/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat Hunting</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4227" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4227 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/siem-management/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">SIEM management</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4226" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4226 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/security-infrastructure-assessment-sia/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Security Infrastructure Assessment (SIA)</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4223" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4223 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/penetration-testing/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Penetration Testing</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
	<li id="menu-item-4196" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4196 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">During Attack</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="3" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>During Attack</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">		<li id="menu-item-4212" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-4212 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/technologies/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Technologies</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="4" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Technologies</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">			<li id="menu-item-4234" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-4234 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4232" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4232 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/kanwa/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Kanwa</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4233" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4233 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/yomi/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Yomi</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4231" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4231 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/email-protection/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Email Protection</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
		<li id="menu-item-4211" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-4211 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/services/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Services</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="4" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Services</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">			<li id="menu-item-4235" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4235 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/irt/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">IRT (Incident Response Team)</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4237" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-4237 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/threat/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Managed Advanced Threat Protection</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4236" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4236 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/kickback-attack/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">KickBack Attack</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
	<li id="menu-item-4197" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4197 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">After Attack</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="3" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>After Attack</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">		<li id="menu-item-4214" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-4214 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/technologies/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Technologies</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="4" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Technologies</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">			<li id="menu-item-4238" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-4238 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4239" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4239 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/kanwa/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Kanwa</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
		<li id="menu-item-4213" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-4213 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/services/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Services</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="4" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Services</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">			<li id="menu-item-4241" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4241 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/wi-fi-infrastructure-assessment/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Wi-Fi Infrastructure Assessment</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4240" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4240 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/cert-computer-emergency-response-team/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat Hunting</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
<li id="menu-item-5333" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-5333 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Blogs</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="2" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Blogs</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">	<li id="menu-item-5334" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-5334 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/blog/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Yoroi Blog</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
	<li id="menu-item-5335" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-5335 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://marcoramilli.com/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Marco Ramilli Blog</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
<li id="menu-item-4198" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-4198 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/downloads/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Downloads</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
<li id="menu-item-228" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-228 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/about-us/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">About us</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
<li id="menu-item-225" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-225 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/contacts/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Contacts</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul></div></div><div class="sm-footer sm-level-component"><div class="sm-footer-text">&copy; 2020 credits: <strong>SimpleNetworks</strong></div></div></div></div></nav>
		<script type="text/javascript">
			jQuery(document).ready(function() {
				jQuery('body').on('click', '.oxy-menu-toggle', function() {
					jQuery(this).parent('.oxy-nav-menu').toggleClass('oxy-nav-menu-open');
					jQuery('body').toggleClass('oxy-nav-menu-prevent-overflow');
					jQuery('html').toggleClass('oxy-nav-menu-prevent-overflow');
				});
				var selector = '.oxy-nav-menu-open .menu-item a[href*="#"]';
				jQuery('body').on('click', selector, function(){
					jQuery('.oxy-nav-menu-open').removeClass('oxy-nav-menu-open');
					jQuery('body').removeClass('oxy-nav-menu-prevent-overflow');
					jQuery('html').removeClass('oxy-nav-menu-prevent-overflow');
					jQuery(this).click();
				});
			});
		</script>

	
		<svg style="position: absolute; width: 0; height: 0; overflow: hidden;" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
		   <defs>
		      <symbol id="oxy-social-icons-icon-linkedin" viewBox="0 0 32 32">
		         <title>linkedin</title>
		         <path d="M12 12h5.535v2.837h0.079c0.77-1.381 2.655-2.837 5.464-2.837 5.842 0 6.922 3.637 6.922 8.367v9.633h-5.769v-8.54c0-2.037-0.042-4.657-3.001-4.657-3.005 0-3.463 2.218-3.463 4.509v8.688h-5.767v-18z"></path>
		         <path d="M2 12h6v18h-6v-18z"></path>
		         <path d="M8 7c0 1.657-1.343 3-3 3s-3-1.343-3-3c0-1.657 1.343-3 3-3s3 1.343 3 3z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-facebook" viewBox="0 0 32 32">
		         <title>facebook</title>
		         <path d="M19 6h5v-6h-5c-3.86 0-7 3.14-7 7v3h-4v6h4v16h6v-16h5l1-6h-6v-3c0-0.542 0.458-1 1-1z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-pinterest" viewBox="0 0 32 32">
		         <title>pinterest</title>
		         <path d="M16 2.138c-7.656 0-13.863 6.206-13.863 13.863 0 5.875 3.656 10.887 8.813 12.906-0.119-1.094-0.231-2.781 0.050-3.975 0.25-1.081 1.625-6.887 1.625-6.887s-0.412-0.831-0.412-2.056c0-1.925 1.119-3.369 2.506-3.369 1.181 0 1.756 0.887 1.756 1.95 0 1.188-0.756 2.969-1.15 4.613-0.331 1.381 0.688 2.506 2.050 2.506 2.462 0 4.356-2.6 4.356-6.35 0-3.319-2.387-5.638-5.787-5.638-3.944 0-6.256 2.956-6.256 6.019 0 1.194 0.456 2.469 1.031 3.163 0.113 0.137 0.131 0.256 0.094 0.4-0.106 0.438-0.338 1.381-0.387 1.575-0.063 0.256-0.2 0.306-0.463 0.188-1.731-0.806-2.813-3.337-2.813-5.369 0-4.375 3.175-8.387 9.156-8.387 4.806 0 8.544 3.425 8.544 8.006 0 4.775-3.012 8.625-7.194 8.625-1.406 0-2.725-0.731-3.175-1.594 0 0-0.694 2.644-0.863 3.294-0.313 1.206-1.156 2.712-1.725 3.631 1.3 0.4 2.675 0.619 4.106 0.619 7.656 0 13.863-6.206 13.863-13.863 0-7.662-6.206-13.869-13.863-13.869z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-youtube" viewBox="0 0 32 32">
		         <title>youtube</title>
		         <path d="M31.681 9.6c0 0-0.313-2.206-1.275-3.175-1.219-1.275-2.581-1.281-3.206-1.356-4.475-0.325-11.194-0.325-11.194-0.325h-0.012c0 0-6.719 0-11.194 0.325-0.625 0.075-1.987 0.081-3.206 1.356-0.963 0.969-1.269 3.175-1.269 3.175s-0.319 2.588-0.319 5.181v2.425c0 2.587 0.319 5.181 0.319 5.181s0.313 2.206 1.269 3.175c1.219 1.275 2.819 1.231 3.531 1.369 2.563 0.244 10.881 0.319 10.881 0.319s6.725-0.012 11.2-0.331c0.625-0.075 1.988-0.081 3.206-1.356 0.962-0.969 1.275-3.175 1.275-3.175s0.319-2.587 0.319-5.181v-2.425c-0.006-2.588-0.325-5.181-0.325-5.181zM12.694 20.15v-8.994l8.644 4.513-8.644 4.481z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-rss" viewBox="0 0 32 32">
		         <title>rss</title>
		         <path d="M4.259 23.467c-2.35 0-4.259 1.917-4.259 4.252 0 2.349 1.909 4.244 4.259 4.244 2.358 0 4.265-1.895 4.265-4.244-0-2.336-1.907-4.252-4.265-4.252zM0.005 10.873v6.133c3.993 0 7.749 1.562 10.577 4.391 2.825 2.822 4.384 6.595 4.384 10.603h6.16c-0-11.651-9.478-21.127-21.121-21.127zM0.012 0v6.136c14.243 0 25.836 11.604 25.836 25.864h6.152c0-17.64-14.352-32-31.988-32z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-twitter" viewBox="0 0 32 32">
		         <title>twitter</title>
		         <path d="M32 7.075c-1.175 0.525-2.444 0.875-3.769 1.031 1.356-0.813 2.394-2.1 2.887-3.631-1.269 0.75-2.675 1.3-4.169 1.594-1.2-1.275-2.906-2.069-4.794-2.069-3.625 0-6.563 2.938-6.563 6.563 0 0.512 0.056 1.012 0.169 1.494-5.456-0.275-10.294-2.888-13.531-6.862-0.563 0.969-0.887 2.1-0.887 3.3 0 2.275 1.156 4.287 2.919 5.463-1.075-0.031-2.087-0.331-2.975-0.819 0 0.025 0 0.056 0 0.081 0 3.181 2.263 5.838 5.269 6.437-0.55 0.15-1.131 0.231-1.731 0.231-0.425 0-0.831-0.044-1.237-0.119 0.838 2.606 3.263 4.506 6.131 4.563-2.25 1.762-5.075 2.813-8.156 2.813-0.531 0-1.050-0.031-1.569-0.094 2.913 1.869 6.362 2.95 10.069 2.95 12.075 0 18.681-10.006 18.681-18.681 0-0.287-0.006-0.569-0.019-0.85 1.281-0.919 2.394-2.075 3.275-3.394z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-instagram" viewBox="0 0 32 32">
		         <title>instagram</title>
		         <path d="M16 2.881c4.275 0 4.781 0.019 6.462 0.094 1.563 0.069 2.406 0.331 2.969 0.55 0.744 0.288 1.281 0.638 1.837 1.194 0.563 0.563 0.906 1.094 1.2 1.838 0.219 0.563 0.481 1.412 0.55 2.969 0.075 1.688 0.094 2.194 0.094 6.463s-0.019 4.781-0.094 6.463c-0.069 1.563-0.331 2.406-0.55 2.969-0.288 0.744-0.637 1.281-1.194 1.837-0.563 0.563-1.094 0.906-1.837 1.2-0.563 0.219-1.413 0.481-2.969 0.55-1.688 0.075-2.194 0.094-6.463 0.094s-4.781-0.019-6.463-0.094c-1.563-0.069-2.406-0.331-2.969-0.55-0.744-0.288-1.281-0.637-1.838-1.194-0.563-0.563-0.906-1.094-1.2-1.837-0.219-0.563-0.481-1.413-0.55-2.969-0.075-1.688-0.094-2.194-0.094-6.463s0.019-4.781 0.094-6.463c0.069-1.563 0.331-2.406 0.55-2.969 0.288-0.744 0.638-1.281 1.194-1.838 0.563-0.563 1.094-0.906 1.838-1.2 0.563-0.219 1.412-0.481 2.969-0.55 1.681-0.075 2.188-0.094 6.463-0.094zM16 0c-4.344 0-4.887 0.019-6.594 0.094-1.7 0.075-2.869 0.35-3.881 0.744-1.056 0.412-1.95 0.956-2.837 1.85-0.894 0.888-1.438 1.781-1.85 2.831-0.394 1.019-0.669 2.181-0.744 3.881-0.075 1.713-0.094 2.256-0.094 6.6s0.019 4.887 0.094 6.594c0.075 1.7 0.35 2.869 0.744 3.881 0.413 1.056 0.956 1.95 1.85 2.837 0.887 0.887 1.781 1.438 2.831 1.844 1.019 0.394 2.181 0.669 3.881 0.744 1.706 0.075 2.25 0.094 6.594 0.094s4.888-0.019 6.594-0.094c1.7-0.075 2.869-0.35 3.881-0.744 1.050-0.406 1.944-0.956 2.831-1.844s1.438-1.781 1.844-2.831c0.394-1.019 0.669-2.181 0.744-3.881 0.075-1.706 0.094-2.25 0.094-6.594s-0.019-4.887-0.094-6.594c-0.075-1.7-0.35-2.869-0.744-3.881-0.394-1.063-0.938-1.956-1.831-2.844-0.887-0.887-1.781-1.438-2.831-1.844-1.019-0.394-2.181-0.669-3.881-0.744-1.712-0.081-2.256-0.1-6.6-0.1v0z"></path>
		         <path d="M16 7.781c-4.537 0-8.219 3.681-8.219 8.219s3.681 8.219 8.219 8.219 8.219-3.681 8.219-8.219c0-4.537-3.681-8.219-8.219-8.219zM16 21.331c-2.944 0-5.331-2.387-5.331-5.331s2.387-5.331 5.331-5.331c2.944 0 5.331 2.387 5.331 5.331s-2.387 5.331-5.331 5.331z"></path>
		         <path d="M26.462 7.456c0 1.060-0.859 1.919-1.919 1.919s-1.919-0.859-1.919-1.919c0-1.060 0.859-1.919 1.919-1.919s1.919 0.859 1.919 1.919z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-facebook-blank" viewBox="0 0 32 32">
		         <title>facebook-blank</title>
		         <path d="M29 0h-26c-1.65 0-3 1.35-3 3v26c0 1.65 1.35 3 3 3h13v-14h-4v-4h4v-2c0-3.306 2.694-6 6-6h4v4h-4c-1.1 0-2 0.9-2 2v2h6l-1 4h-5v14h9c1.65 0 3-1.35 3-3v-26c0-1.65-1.35-3-3-3z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-rss-blank" viewBox="0 0 32 32">
		         <title>rss-blank</title>
		         <path d="M29 0h-26c-1.65 0-3 1.35-3 3v26c0 1.65 1.35 3 3 3h26c1.65 0 3-1.35 3-3v-26c0-1.65-1.35-3-3-3zM8.719 25.975c-1.5 0-2.719-1.206-2.719-2.706 0-1.488 1.219-2.712 2.719-2.712 1.506 0 2.719 1.225 2.719 2.712 0 1.5-1.219 2.706-2.719 2.706zM15.544 26c0-2.556-0.994-4.962-2.794-6.762-1.806-1.806-4.2-2.8-6.75-2.8v-3.912c7.425 0 13.475 6.044 13.475 13.475h-3.931zM22.488 26c0-9.094-7.394-16.5-16.481-16.5v-3.912c11.25 0 20.406 9.162 20.406 20.413h-3.925z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-linkedin-blank" viewBox="0 0 32 32">
		         <title>linkedin-blank</title>
		         <path d="M29 0h-26c-1.65 0-3 1.35-3 3v26c0 1.65 1.35 3 3 3h26c1.65 0 3-1.35 3-3v-26c0-1.65-1.35-3-3-3zM12 26h-4v-14h4v14zM10 10c-1.106 0-2-0.894-2-2s0.894-2 2-2c1.106 0 2 0.894 2 2s-0.894 2-2 2zM26 26h-4v-8c0-1.106-0.894-2-2-2s-2 0.894-2 2v8h-4v-14h4v2.481c0.825-1.131 2.087-2.481 3.5-2.481 2.488 0 4.5 2.238 4.5 5v9z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-pinterest-blank" viewBox="0 0 32 32">
		         <title>pinterest</title>
		         <path d="M16 2.138c-7.656 0-13.863 6.206-13.863 13.863 0 5.875 3.656 10.887 8.813 12.906-0.119-1.094-0.231-2.781 0.050-3.975 0.25-1.081 1.625-6.887 1.625-6.887s-0.412-0.831-0.412-2.056c0-1.925 1.119-3.369 2.506-3.369 1.181 0 1.756 0.887 1.756 1.95 0 1.188-0.756 2.969-1.15 4.613-0.331 1.381 0.688 2.506 2.050 2.506 2.462 0 4.356-2.6 4.356-6.35 0-3.319-2.387-5.638-5.787-5.638-3.944 0-6.256 2.956-6.256 6.019 0 1.194 0.456 2.469 1.031 3.163 0.113 0.137 0.131 0.256 0.094 0.4-0.106 0.438-0.338 1.381-0.387 1.575-0.063 0.256-0.2 0.306-0.463 0.188-1.731-0.806-2.813-3.337-2.813-5.369 0-4.375 3.175-8.387 9.156-8.387 4.806 0 8.544 3.425 8.544 8.006 0 4.775-3.012 8.625-7.194 8.625-1.406 0-2.725-0.731-3.175-1.594 0 0-0.694 2.644-0.863 3.294-0.313 1.206-1.156 2.712-1.725 3.631 1.3 0.4 2.675 0.619 4.106 0.619 7.656 0 13.863-6.206 13.863-13.863 0-7.662-6.206-13.869-13.863-13.869z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-youtube-blank" viewBox="0 0 32 32">
		         <title>youtube</title>
		         <path d="M31.681 9.6c0 0-0.313-2.206-1.275-3.175-1.219-1.275-2.581-1.281-3.206-1.356-4.475-0.325-11.194-0.325-11.194-0.325h-0.012c0 0-6.719 0-11.194 0.325-0.625 0.075-1.987 0.081-3.206 1.356-0.963 0.969-1.269 3.175-1.269 3.175s-0.319 2.588-0.319 5.181v2.425c0 2.587 0.319 5.181 0.319 5.181s0.313 2.206 1.269 3.175c1.219 1.275 2.819 1.231 3.531 1.369 2.563 0.244 10.881 0.319 10.881 0.319s6.725-0.012 11.2-0.331c0.625-0.075 1.988-0.081 3.206-1.356 0.962-0.969 1.275-3.175 1.275-3.175s0.319-2.587 0.319-5.181v-2.425c-0.006-2.588-0.325-5.181-0.325-5.181zM12.694 20.15v-8.994l8.644 4.513-8.644 4.481z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-twitter-blank" viewBox="0 0 32 32">
		         <title>twitter</title>
		         <path d="M32 7.075c-1.175 0.525-2.444 0.875-3.769 1.031 1.356-0.813 2.394-2.1 2.887-3.631-1.269 0.75-2.675 1.3-4.169 1.594-1.2-1.275-2.906-2.069-4.794-2.069-3.625 0-6.563 2.938-6.563 6.563 0 0.512 0.056 1.012 0.169 1.494-5.456-0.275-10.294-2.888-13.531-6.862-0.563 0.969-0.887 2.1-0.887 3.3 0 2.275 1.156 4.287 2.919 5.463-1.075-0.031-2.087-0.331-2.975-0.819 0 0.025 0 0.056 0 0.081 0 3.181 2.263 5.838 5.269 6.437-0.55 0.15-1.131 0.231-1.731 0.231-0.425 0-0.831-0.044-1.237-0.119 0.838 2.606 3.263 4.506 6.131 4.563-2.25 1.762-5.075 2.813-8.156 2.813-0.531 0-1.050-0.031-1.569-0.094 2.913 1.869 6.362 2.95 10.069 2.95 12.075 0 18.681-10.006 18.681-18.681 0-0.287-0.006-0.569-0.019-0.85 1.281-0.919 2.394-2.075 3.275-3.394z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-instagram-blank" viewBox="0 0 32 32">
		         <title>instagram</title>
		         <path d="M16 2.881c4.275 0 4.781 0.019 6.462 0.094 1.563 0.069 2.406 0.331 2.969 0.55 0.744 0.288 1.281 0.638 1.837 1.194 0.563 0.563 0.906 1.094 1.2 1.838 0.219 0.563 0.481 1.412 0.55 2.969 0.075 1.688 0.094 2.194 0.094 6.463s-0.019 4.781-0.094 6.463c-0.069 1.563-0.331 2.406-0.55 2.969-0.288 0.744-0.637 1.281-1.194 1.837-0.563 0.563-1.094 0.906-1.837 1.2-0.563 0.219-1.413 0.481-2.969 0.55-1.688 0.075-2.194 0.094-6.463 0.094s-4.781-0.019-6.463-0.094c-1.563-0.069-2.406-0.331-2.969-0.55-0.744-0.288-1.281-0.637-1.838-1.194-0.563-0.563-0.906-1.094-1.2-1.837-0.219-0.563-0.481-1.413-0.55-2.969-0.075-1.688-0.094-2.194-0.094-6.463s0.019-4.781 0.094-6.463c0.069-1.563 0.331-2.406 0.55-2.969 0.288-0.744 0.638-1.281 1.194-1.838 0.563-0.563 1.094-0.906 1.838-1.2 0.563-0.219 1.412-0.481 2.969-0.55 1.681-0.075 2.188-0.094 6.463-0.094zM16 0c-4.344 0-4.887 0.019-6.594 0.094-1.7 0.075-2.869 0.35-3.881 0.744-1.056 0.412-1.95 0.956-2.837 1.85-0.894 0.888-1.438 1.781-1.85 2.831-0.394 1.019-0.669 2.181-0.744 3.881-0.075 1.713-0.094 2.256-0.094 6.6s0.019 4.887 0.094 6.594c0.075 1.7 0.35 2.869 0.744 3.881 0.413 1.056 0.956 1.95 1.85 2.837 0.887 0.887 1.781 1.438 2.831 1.844 1.019 0.394 2.181 0.669 3.881 0.744 1.706 0.075 2.25 0.094 6.594 0.094s4.888-0.019 6.594-0.094c1.7-0.075 2.869-0.35 3.881-0.744 1.050-0.406 1.944-0.956 2.831-1.844s1.438-1.781 1.844-2.831c0.394-1.019 0.669-2.181 0.744-3.881 0.075-1.706 0.094-2.25 0.094-6.594s-0.019-4.887-0.094-6.594c-0.075-1.7-0.35-2.869-0.744-3.881-0.394-1.063-0.938-1.956-1.831-2.844-0.887-0.887-1.781-1.438-2.831-1.844-1.019-0.394-2.181-0.669-3.881-0.744-1.712-0.081-2.256-0.1-6.6-0.1v0z"></path>
		         <path d="M16 7.781c-4.537 0-8.219 3.681-8.219 8.219s3.681 8.219 8.219 8.219 8.219-3.681 8.219-8.219c0-4.537-3.681-8.219-8.219-8.219zM16 21.331c-2.944 0-5.331-2.387-5.331-5.331s2.387-5.331 5.331-5.331c2.944 0 5.331 2.387 5.331 5.331s-2.387 5.331-5.331 5.331z"></path>
		         <path d="M26.462 7.456c0 1.060-0.859 1.919-1.919 1.919s-1.919-0.859-1.919-1.919c0-1.060 0.859-1.919 1.919-1.919s1.919 0.859 1.919 1.919z"></path>
		      </symbol>
		   </defs>
		</svg>
	
	
		<script type="text/javascript">

            // Initialize Oxygen Modals
            jQuery(document).ready(function() {

                function showModal( modal ) {
                    var $modal = jQuery( modal );
                    $modal.addClass("live");
                    var modalId = $modal[0].querySelector('.ct-modal').id;

                    // Check if this modal can be shown according to settings and last shown time
                    // Current and last time in milliseconds
                    var currentTime = new Date().getTime();
                    var lastShownTime = localStorage && localStorage['oxy-' + modalId + '-last-shown-time'] ? JSON.parse( localStorage['oxy-' + modalId + '-last-shown-time'] ) : false;
                    // manual triggers aren't affected by last shown time
                    if( $modal.data( 'trigger' ) != 'user_clicks_element' ) {
                        switch( $modal.data( 'open-again' ) ) {
                            case 'never_show_again':
                                // if it was shown at least once, don't show it again
                                if( lastShownTime !== false ) return;
                                break;
                            case 'show_again_after':
                                var settingDays = parseInt( $modal.data( 'open-again-after-days' ) );
                                var actualDays = ( currentTime - lastShownTime ) / ( 60*60*24*1000 );
                                if( actualDays < settingDays ) return;
                                break;
                            default:
                                //always show
                                break;
                        }
                    }
                    // save current time as last shown time
                    if( localStorage ) localStorage['oxy-' + modalId + '-last-shown-time'] = JSON.stringify( currentTime );

                    // trick to make jQuery fadeIn with flex
                    $modal.css("display", "flex");
                    $modal.hide();
                    // trick to force AOS trigger on elements inside the modal
                    $modal.find(".aos-animate").removeClass("aos-animate").addClass("aos-animate-disabled");

                    // show the modal
                    $modal.fadeIn(250, function(){
                        // trick to force AOS trigger on elements inside the modal
                        $modal.find(".aos-animate-disabled").removeClass("aos-animate-disabled").addClass("aos-animate");
                    });


                    if( $modal.data( 'close-automatically' ) == 'yes' ) {
                        var time = parseInt( $modal.data( 'close-after-time' ) );
                        if( $modal.data( 'close-after-time-unit' ) == 'seconds' ) {
                            time = parseInt( parseFloat( $modal.data( 'close-after-time' ) ) * 1000 );
                        }
                        setTimeout( function(){
                            hideModal(modal);
                        }, time );
                    }

                    // close modal automatically after form submit (Non-AJAX)
                    if( $modal.data( 'close-after-form-submit' ) == 'yes' && $modal.data("trigger") == "after_specified_time" ) {

                        // WPForms
                        // WPForms replaces the form with a confirmation message on page refresh
                        if( $modal.find(".wpforms-confirmation-container-full").length > 0 ) {
                            setTimeout(function () {
                                hideModal(modal);
                            }, 3000);
                        }

                        // Formidable Forms
                        // Formidable Forms replaces the form with a confirmation message on page refresh
                        if( $modal.find(".frm_message").length > 0 ) {
                            setTimeout(function () {
                                hideModal(modal);
                            }, 3000);
                        }

                        // Caldera Forms
                        // Caldera Forms replaces the form with a confirmation message on page refresh
                        if( $modal.find(".caldera-grid .alert-success").length > 0 ) {
                            setTimeout(function () {
                                hideModal(modal);
                            }, 3000);
                        }

                    }
                }

                var hideModal = function ( modal ) {

                    // The function may be called by third party code, without argument, so we must close the first visible modal
                    if( typeof modal === 'undefined' ) {
                        var openModals = jQuery(".oxy-modal-backdrop.live");
                        if( openModals.length == 0 ) return;
                        modal = openModals[0];
                    }

                    var $modal = jQuery( modal );
                    // refresh any iframe so media embedded this way is stopped
                    $modal.find( 'iframe').each(function(index){
                        this.src = this.src;
                    });
                    // HTML5 videos can be stopped easily
                    $modal.find( 'video' ).each(function(index){
                        this.pause();
                    });
                    // If there are any forms in the modal, reset them
                    $modal.find("form").each(function(index){
                        this.reset();
                    });

                    $modal.fadeOut(400, function(){
                        $modal.removeClass("live");
                    });
                };

                window.oxyCloseModal = hideModal;

                jQuery( ".oxy-modal-backdrop" ).each(function( index ) {

                    var modal = this;

                    (function( modal ){
                        var $modal = jQuery( modal );
						
						var exitIntentFunction = function( e ){
							if( e.clientY <= 0 ) {
								showModal( modal );
								document.removeEventListener( "mouseleave", exitIntentFunction );
								document.removeEventListener( "mouseout", exitIntentFunction );
							}
						}

                        switch ( jQuery( modal ).data("trigger") ) {

                            case "on_exit_intent":
                                document.addEventListener( "mouseleave", exitIntentFunction, false);
								document.addEventListener( "mouseout", exitIntentFunction, false);
                                break;

                            case "user_clicks_element":
                                jQuery( jQuery( modal ).data( 'trigger-selector' ) ).click( function( event ) {
                                    showModal( modal );
                                    event.preventDefault();
                                } );
                                break;

                            case "after_specified_time":
                                var time = parseInt( jQuery( modal ).data( 'trigger-time' ) );
                                if( jQuery( modal ).data( 'trigger-time-unit' ) == 'seconds' ) {
                                    time = parseInt( parseFloat( jQuery( modal ).data( 'trigger-time' ) ) * 1000 );
                                }
                                setTimeout( function(){
                                    showModal( modal );
                                }, time );
                                break;

                            case "after_scrolled_amount":
                                window.addEventListener("scroll", function scrollDetection(){
                                    var winheight= window.innerHeight || (document.documentElement || document.body).clientHeight;
                                    var docheight = jQuery(document).height();
                                    var scrollTop = window.pageYOffset || (document.documentElement || document.body.parentNode || document.body).scrollTop;
                                    var isScrollUp = false;
                                    var oxyPreviousScrollTop = parseInt( jQuery( modal ).data( 'previous_scroll_top' ) );
                                    if( !isNaN( oxyPreviousScrollTop ) ) {
                                        if( oxyPreviousScrollTop > scrollTop) isScrollUp = true;
                                    }
                                    jQuery( modal ).data( 'previous_scroll_top', scrollTop );
                                    var trackLength = docheight - winheight;
                                    var pctScrolled = Math.floor(scrollTop/trackLength * 100);
                                    if( isNaN( pctScrolled ) ) pctScrolled = 0;

                                    if(
                                        ( isScrollUp && jQuery( modal ).data( 'trigger_scroll_direction' ) == 'up' ) ||
                                        ( !isScrollUp && jQuery( modal ).data( 'trigger_scroll_direction' ) == 'down' && pctScrolled >= parseInt( jQuery( modal ).data( 'trigger_scroll_amount' ) ) )
                                    ) {
                                        showModal( modal );
                                        window.removeEventListener( "scroll", scrollDetection );
                                    }
                                }, false);
                                break;
                            case "on_scroll_to_element":
                                window.addEventListener("scroll", function scrollDetection(){
                                    var $element = jQuery( jQuery( modal ).data( 'scroll_to_selector' ) );
                                    if( $element.length == 0 ) {
                                        window.removeEventListener( "scroll", scrollDetection );
                                        return;
                                    }

                                    var top_of_element = $element.offset().top;
                                    var bottom_of_element = $element.offset().top + $element.outerHeight();
                                    var bottom_of_screen = jQuery(window).scrollTop() + jQuery(window).innerHeight();
                                    var top_of_screen = jQuery(window).scrollTop();

                                    if ((bottom_of_screen > bottom_of_element - $element.outerHeight() /2 ) && (top_of_screen < top_of_element + $element.outerHeight() /2 )){
                                        showModal( modal );
                                        window.removeEventListener( "scroll", scrollDetection );
                                    }
                                }, false);
                                break;
                            case "after_number_of_clicks":
                                document.addEventListener("click", function clickDetection(){
                                    var number_of_clicks = parseInt( jQuery( modal ).data( 'number_of_clicks' ) );

                                    var clicks_performed = isNaN( parseInt( jQuery( modal ).data( 'clicks_performed' ) ) ) ? 1 :  parseInt( jQuery( modal ).data( 'clicks_performed' ) ) + 1;

                                    jQuery( modal ).data( 'clicks_performed', clicks_performed );

                                    if ( clicks_performed == number_of_clicks ){
                                        showModal( modal );
                                        document.removeEventListener( "click", clickDetection );
                                    }
                                }, false);
                                break;
                            case "after_time_inactive":
                                var time = parseInt( jQuery( modal ).data( 'time_inactive' ) );
                                if( jQuery( modal ).data( 'time-inactive-unit' ) == 'seconds' ) {
                                    time = parseInt( parseFloat( jQuery( modal ).data( 'time_inactive' ) ) * 1000 );
                                }
                                var activityDetected = function(){
                                    jQuery( modal ).data( 'millis_idle', 0 );
                                };
                                document.addEventListener( "click", activityDetected);
                                document.addEventListener( "mousemove", activityDetected);
                                document.addEventListener( "keypress", activityDetected);
                                document.addEventListener( "scroll", activityDetected);

                                var idleInterval = setInterval(function(){
                                    var millis_idle = isNaN( parseInt( jQuery( modal ).data( 'millis_idle' ) ) ) ? 100 :  parseInt( jQuery( modal ).data( 'millis_idle' ) ) + 100;
                                    jQuery( modal ).data( 'millis_idle', millis_idle );
                                    if( millis_idle > time ){
                                        clearInterval( idleInterval );
                                        document.removeEventListener( "click", activityDetected );
                                        document.removeEventListener( "mousemove", activityDetected );
                                        document.removeEventListener( "keypress", activityDetected );
                                        document.removeEventListener( "scroll", activityDetected );
                                        showModal( modal );
                                    }
                                }, 100);
                                break;

                            case "after_number_of_page_views":
                                var modalId = modal.querySelector('.ct-modal').id;
                                var pageViews = localStorage && localStorage['oxy-' + modalId + '-page-views'] ? parseInt( localStorage['oxy-' + modalId + '-page-views'] ) : 0;
                                pageViews++;
                                if( localStorage ) localStorage['oxy-' + modalId + '-page-views'] = pageViews;
                                if( parseInt( jQuery( modal ).data( 'number_of_page_views' ) ) == pageViews ) {
                                    if( localStorage ) localStorage['oxy-' + modalId + '-page-views'] = 0;
                                    showModal( modal );
                                }
                                break;

                        }

                        // add event handler to close modal automatically after AJAX form submit
                        if( $modal.data( 'close-after-form-submit' ) == 'yes' ) {

                            // Contact Form 7
                            if (typeof wpcf7 !== 'undefined') {
                                $modal.find('div.wpcf7').each(function () {
                                    var $form = jQuery(this).find('form');
                                    this.addEventListener('wpcf7submit', function (event) {
                                        if (event.detail.contactFormId == $form.attr("id")) {
                                            setTimeout(function () {
                                                hideModal(modal);
                                            }, 3000);
                                        }
                                    }, false);
                                });
                            }

                            // Caldera Forms
                            document.addEventListener( "cf.submission", function(event){
                                // Pending, Caldera AJAX form submissions aren't working since Oxygen 2.2, see: https://github.com/soflyy/oxygen/issues/1638
                                console.log( event );
                            });

                            // Ninja Forms
                            jQuery(document).on("nfFormSubmitResponse", function(event, response){
                                // Only close the modal if the event was triggered from a Ninja Form inside the modal
                                if( $modal.find("#nf-form-" + response.id + "-cont").length > 0 ) {
                                    setTimeout(function () {
                                        hideModal(modal);
                                    }, 3000);
                                }
                            });

                        }

                    })( modal );

                });

                // handle clicks on modal backdrop and on .oxy-close-modal
                jQuery("body").on('click touchend', '.oxy-modal-backdrop, .oxy-close-modal', function( event ) {

                    var $this = jQuery( this );
                    var $target = jQuery( event.target );

                    // Click event in the modal div and it's children is propagated to the backdrop
                    if( !$target.hasClass( 'oxy-modal-backdrop' ) && !$this.hasClass( 'oxy-close-modal' ) ) {
                        event.stopPropagation();
                        return;
                    }

                    if( $target.hasClass( 'oxy-modal-backdrop' ) && $this.hasClass( 'oxy-not-closable' ) ) {
                        return;
                    }

                    if( $this.hasClass( 'oxy-close-modal' ) ) event.preventDefault();

                    var $modal = $this.hasClass( 'oxy-close-modal' ) ? $this.closest('.oxy-modal-backdrop') : $this;
                    hideModal( $modal[0] );
                });

                jQuery(document).keyup( function(e){
                    if( e.key == 'Escape' ){
                        jQuery(".oxy-modal-backdrop:visible").each(function(index){
                            if( jQuery(this).data("close_on_esc") == 'on' ) hideModal(this);
                        });
                    }
                } );

            });

		</script>

	<link rel='stylesheet' id='cookie-law-info-table-css'  href='https://yoroi.company/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-table.css?ver=2.0.6' type='text/css' media='all' />
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001' id='jetpack-photon-js'></script>
<script type='text/javascript' src='https://c0.wp.com/c/5.8.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js' id='regenerator-runtime-js'></script>
<script type='text/javascript' src='https://c0.wp.com/c/5.8.2/wp-includes/js/dist/vendor/wp-polyfill.min.js' id='wp-polyfill-js'></script>
<script type='text/javascript' id='contact-form-7-js-extra'>
/* <![CDATA[ */
var wpcf7 = {"api":{"root":"https:\/\/yoroi.company\/wp-json\/","namespace":"contact-form-7\/v1"},"cached":"1"};
/* ]]> */
</script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.2' id='contact-form-7-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&#038;ver=2d4bf43f398489795f1893179047a63c' id='jetpack-lazy-images-polyfill-intersectionobserver-js'></script>
<script type='text/javascript' id='jetpack-lazy-images-js-extra'>
/* <![CDATA[ */
var jetpackLazyImagesL10n = {"loading_warning":"Images are still loading. Please cancel your print and try again."};
/* ]]> */
</script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&#038;ver=1c8bb5930b723e669774487342a8fa98' id='jetpack-lazy-images-js'></script>
<script type='text/javascript' src='https://www.google.com/recaptcha/api.js?render=6LfTr-AUAAAAANb_RvhTeWu00N_K6josD9XFY1OD&#038;ver=3.0' id='google-recaptcha-js'></script>
<script type='text/javascript' id='wpcf7-recaptcha-js-extra'>
/* <![CDATA[ */
var wpcf7_recaptcha = {"sitekey":"6LfTr-AUAAAAANb_RvhTeWu00N_K6josD9XFY1OD","actions":{"homepage":"homepage","contactform":"contactform"}};
/* ]]> */
</script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.2' id='wpcf7-recaptcha-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/modernizr/modernizr.js?ver=1.2.7' id='slick-menu-modernizr-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/greensock/TweenMax.min.js?ver=1.2.7' id='slick-menu-tween-max-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/greensock/ScrollToPlugin.min.js?ver=1.2.7' id='slick-menu-gsap-scrollto-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/body-scroll-lock/body-scroll-lock.min.js?ver=1.2.7' id='slick-menu-body-scroll-lock-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/js/utils.min.js?ver=1.2.7' id='slick-menu-utils-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/js/slickmenu.min.js?ver=1.2.7' id='slick-menu-slickmenu-js'></script>
<script type='text/javascript' id='slick-menu-frontend-js-extra'>
/* <![CDATA[ */
var SM_VARS = {"ajaxurl":"https:\/\/yoroi.company\/wp-admin\/admin-ajax.php","sm_ajaxurl":"https:\/\/yoroi.company\/?sm_ajax=build_menu&t=1640290164","assets_url":"https:\/\/yoroi.company\/wp-content\/plugins\/slick-menu\/assets\/","options":{"26":{"close-link-hidden":"0","close-link-position":"left","close-link-color":"rgba(255, 255, 255, 0.8)","close-link-hover-color":"rgba(255, 255, 255, 1)","close-link-bg-color":"","close-link-hover-bg-color":"","close-link-icon":{"type":"genericon","icon":"genericon-close-alt"},"close-link-icon-size":"25px","close-link-padding":"","close-link-margin":"10px 20px","close-link-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"close-link-animation":"","content-bg":[],"content-shadow":{"hshadow":"0","vshadow":"0","blur":"0","spread":"0"},"content-filter":"sm-filter-brightness","exclude-pages":[],"mobile-breakpoint":"","menu-ajax":"0","menu-position":"right","menu-open-active-level":"1","menu-always-visible":"0","menu-shadow":{"hshadow":"0","vshadow":"0","blur":"0","spread":"0"},"level-animation-type":"cover","menu-animation-type":"sm-effect-1","menu-mobile-animation-type":"sm-effect-2","menu-open-duration":"350","menu-open-easing":"ease-out","menu-close-duration":"300","menu-close-easing":"ease-in","menu-overlap-font-family":"","menu-overlap-title-color":"#ffffff","menu-overlap-icon-color":"#ffffff","menu-overlap-bg-color":"rgba(0, 0, 0, 0.3)","back-link-hidden":"0","back-link-vposition":"bottom","back-link-position":"right","back-link-font-family":"","back-link-font-size":"14px","back-link-color":"rgba(255, 255, 255, 0.8)","back-link-hover-color":"rgba(255, 255, 255, 1)","back-link-icon":{"type":"","icon":""},"back-link-icon-only":"0","back-link-icon-position":"after","back-link-icon-size":"16px","back-link-padding":"","back-link-margin":"16px","level-bg":{"color":"rgba(43, 43, 41, 1)"},"level-pattern":{"pattern":"https:\/\/yoroi.company\/wp-content\/plugins\/slick-menu\/assets\/\/images\/patterns\/_none.png","opacity":"0.01"},"level-overlay":{"type":"color"},"level-video":{"opacity":"0","scale":"0"},"description-enabled":"0","description-from-page":"0","description-text":"","description-page":"","description-font-family":"","description-font-size":"18px","description-line-height":"24px","description-text-transform":"none","description-text-align":"center","description-font-color":"#ffffff","description-bg-color":"","description-width":"","description-padding":"20px","description-margin":"0 0 15px 0","description-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"description-animation":"","footer-min-height":"","level-footer-stick-bottom":"1","level-footer-over-content":"0","footer-text":"&copy; 2020 credits: <strong>SimpleNetworks<\/strong>","footer-text-font-family":"","footer-text-font-size":"14px","footer-text-align":"center","footer-bg":[],"footer-pattern":{"opacity":"0.5"},"footer-overlay":{"type":"color"},"footer-text-color":"rgba(255, 255, 255, 0.9)","footer-padding":"0 25px 25px","footer-margin":"","footer-text-padding":"","footer-animation":"","level-width":"280px","level-mobile-centered":"0","level-valign":"middle","level-disabled-scroll":"0","level-show-scrollbar":"0","level-scroll-to-current":"0","level-padding":"40px 0","level-header-stick-top":"0","level-header-over-content":"0","header-bg":{"repeat":"no-repeat","size":"contain","position":"center top"},"header-pattern":{"opacity":"0.5"},"header-overlay":{"type":"color","color":"rgba(255, 255, 255, 0)"},"header-padding":"0 16px 16px","header-margin":"16px 0","menu-items-hidden":"0","menu-items-hide-label":"0","menu-items-label-visibility":"0","menu-items-fullwidth":"1","menu-items-height":"","menu-items-font-family":"","menu-items-font-size":"18px","menu-items-line-height":"1.7","menu-items-text-transform":"none","menu-items-text-align":"center","menu-items-vertical-align":"middle","menu-items-font-color":"rgba(255, 255, 255, 0.9)","menu-items-bg-color":"","menu-items-active-font-color":"#ffffff","menu-items-active-bg-color":"rgba(0, 0, 0, 0.1)","menu-items-hover-font-color":"#ffffff","menu-items-hover-bg-color":"rgba(0, 0, 0, 0.1)","menu-items-padding":"8px 32px","menu-items-margin":"","menu-items-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"menu-items-icon-size":"25px","menu-items-icon-line-height":"","menu-items-icon-width":"","menu-items-icon-halign":"left","menu-items-icon-valign":"middle","menu-items-icon-color":"rgba(255, 255, 255, 0.9)","menu-items-icon-hover-color":"#ffffff","menu-items-arrow-icon":{"type":"fa","icon":"fa-angle-right"},"menu-items-arrow-hide":"0","menu-items-arrow-position":"right","menu-items-arrow-size":"18px","menu-items-arrow-hoffset":"0","menu-items-arrow-voffset":"0","menu-items-arrow-color":"rgba(255, 255, 255, 0.6)","menu-items-hover-arrow-color":"rgba(255, 255, 255, 0.6)","menu-items-thumb-general-settings":"","menu-items-thumb-position":"above","menu-items-thumb-bg-repeat":"no-repeat","menu-items-thumb-bg-size":"cover","menu-items-thumb-bg-position":"center center","menu-items-thumb-size-settings":"","menu-items-thumb-size":"medium","menu-items-thumb-width":"","menu-items-thumb-height":"","menu-items-thumb-crop":"0","menu-items-thumb-stretch":"0","menu-items-thumb-spacing-settings":"","menu-items-thumb-margin":"10px auto","menu-items-thumb-overlay-settings":"","menu-items-thumb-bg-overlay":{"type":"color"},"menu-items-thumb-hover-bg-overlay":{"type":"color"},"menu-items-thumb-filters-settings":"","menu-items-thumb-filter":"","menu-items-thumb-hover-filter":"","menu-items-animation":"","menu-items-hover-animation":"sm-hover-normal","menu-items-shadow":{"hshadow":"0","vshadow":"0","blur":"0","spread":"0"},"menu-items-hover-shadow":{"hshadow":"0","vshadow":"0","blur":"0","spread":"0"},"menu-items-inactive-transforms":{"perspective-origin":"left top"},"menu-items-transforms":{"perspective-origin":"left top"},"menu-items-hover-transforms":{"perspective-origin":"left top"},"level-menu-width":"","level-menu-align":"center","level-menu-columns":"1-1","level-menu-column-align":"center","level-menu-padding":"","subtitle-enabled":"0","subtitle-text":"","subtitle-font-family":"","subtitle-font-size":"24px","subtitle-text-transform":"none","subtitle-text-align":"center","subtitle-font-color":"#ffffff","subtitle-bg-color":"","subtitle-padding":"20px","subtitle-margin":"0 0 15px 0","subtitle-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"subtitle-animation":"","title-hidden":"1","title-override":"","title-fullwidth":"1","title-stick-top":"0","title-position":"center","title-font-family":"","title-font-size":"24px","title-text-transform":"none","title-text-align":"center","title-font-color":"#ffffff","title-bg-color":"rgba(0, 0, 0, 0.1)","title-show-icon":"0","title-main-icon":{"type":"","icon":""},"title-icon-size":"24px","title-icon-color":"#ffffff","title-padding":"20px","title-margin":"0 0 15px 0","title-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"title-animation":"","logo-main-level":"0","logo-use-avatar":"0","logo":[],"logo-url":"","logo-width":"130px","logo-height":"","logo-align":"center","logo-padding":"40px 25px","logo-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"logo-animation":"","search-enabled":"0","search-text-align":"left","search-show-placeholder":"0","search-font-family":"","search-font-size":"20px","search-bg-color":"rgba(255, 255, 255, 0.1)","search-font-color":"rgba(255, 255, 255, 0.7)","search-icon-position":"right","search-icon-size":"20px","search-icon-color":"rgba(255, 255, 255, 0.7)","search-width":"","search-margin":"15px","search-hpadding":"15px","search-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"search-animation":"","menu-trigger-info":"","menu-trigger-class":"","menu-trigger-custom-selector":"","menu-api-toggle":"","menu-api-open":"","menu-api-full":"","wrapper-msg":"","wrapper-bg":[],"wrapper-pattern":{"opacity":"0.5"},"wrapper-overlay":{"type":"color"},"wrapper-video":{"opacity":"0","scale":"0"},"wrapper-filter":"sm-filter-brightness","saved":"1","trigger-menu":"","menu-id":"","menu-item-icon":"","menu-item-icon-position":"","menu-item-hide-label":"","menu-item-label-visibility":"","menu-item-fullwidth":"","menu-item-height":"","menu-item-font-family":"","menu-item-font-size":"","menu-item-line-height":"","menu-item-text-transform":"","menu-item-text-align":"","menu-item-vertical-align":"","menu-item-font-color":"","menu-item-bg-color":"","menu-item-active-font-color":"","menu-item-active-bg-color":"","menu-item-hover-font-color":"","menu-item-hover-bg-color":"","menu-item-padding":"","menu-item-margin":"","menu-item-border":[],"menu-item-icon-size":"","menu-item-icon-line-height":"","menu-item-icon-width":"","menu-item-icon-halign":"","menu-item-icon-valign":"","menu-item-icon-color":"","menu-item-icon-hover-color":"","menu-item-arrow-hide":"","menu-item-arrow-position":"","menu-item-arrow-size":"","menu-item-arrow-hoffset":"","menu-item-arrow-voffset":"","menu-item-arrow-color":"","menu-item-hover-arrow-color":"","menu-item-thumb-general-settings":"","menu-item-thumb":[],"menu-item-thumb-position":"","menu-item-thumb-bg-repeat":"","menu-item-thumb-bg-size":"","menu-item-thumb-bg-position":"","menu-item-thumb-size-settings":"","menu-item-thumb-size":"","menu-item-thumb-width":"","menu-item-thumb-height":"","menu-item-thumb-crop":"","menu-item-thumb-stretch":"","menu-item-thumb-spacing-settings":"","menu-item-thumb-margin":"","menu-item-thumb-overlay-settings":"","menu-item-thumb-bg-overlay":[],"menu-item-thumb-hover-bg-overlay":[],"menu-item-thumb-filters-settings":"","menu-item-thumb-filter":"","menu-item-thumb-hover-filter":"","menu-item-animation":"","menu-item-hover-animation":"","menu-item-shadow":[],"menu-item-hover-shadow":[],"menu-item-inactive-transforms":[],"menu-item-transforms":[],"menu-item-hover-transforms":[],"menu-item-column":"","level-show-empty":"","logo-hidden":"","submenu-items-hidden":"","submenu-items-label-visibility":"","submenu-items-fullwidth":"","submenu-items-height":"","submenu-items-font-family":"","submenu-items-font-size":"","submenu-items-line-height":"","submenu-items-text-transform":"","submenu-items-text-align":"","submenu-items-vertical-align":"","submenu-items-font-color":"","submenu-items-bg-color":"","submenu-items-active-font-color":"","submenu-items-active-bg-color":"","submenu-items-hover-font-color":"","submenu-items-hover-bg-color":"","submenu-items-padding":"","submenu-items-margin":"","submenu-items-border":[],"submenu-items-icon-size":"","submenu-items-icon-line-height":"","submenu-items-icon-width":"","submenu-items-icon-halign":"","submenu-items-icon-valign":"","submenu-items-icon-color":"","submenu-items-icon-hover-color":"","submenu-items-arrow-hide":"","submenu-items-arrow-position":"","submenu-items-arrow-size":"","submenu-items-arrow-hoffset":"","submenu-items-arrow-voffset":"","submenu-items-arrow-color":"","submenu-items-hover-arrow-color":"","submenu-items-thumb-general-settings":"","submenu-items-thumb-position":"","submenu-items-thumb-bg-repeat":"","submenu-items-thumb-bg-size":"","submenu-items-thumb-bg-position":"","submenu-items-thumb-size-settings":"","submenu-items-thumb-size":"","submenu-items-thumb-width":"","submenu-items-thumb-height":"","submenu-items-thumb-crop":"","submenu-items-thumb-stretch":"","submenu-items-thumb-spacing-settings":"","submenu-items-thumb-margin":"","submenu-items-thumb-overlay-settings":"","submenu-items-thumb-bg-overlay":[],"submenu-items-thumb-hover-bg-overlay":[],"submenu-items-thumb-filters-settings":"","submenu-items-thumb-filter":"","submenu-items-thumb-hover-filter":"","submenu-items-animation":"","submenu-items-hover-animation":"","submenu-items-shadow":[],"submenu-items-hover-shadow":[],"submenu-items-inactive-transforms":[],"submenu-items-transforms":[],"submenu-items-hover-transforms":[],"enabled":"yes","menu-trigger-selector":".sm-trigger-26","real-mobile-breakpoint":0}},"filterMenuOptions":[],"settings":[],"debug":"","sm_debug":""};
/* ]]> */
</script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/js/frontend.min.js?ver=1.2.7' id='slick-menu-frontend-js'></script>
<script type='text/javascript'>
(function() {
				var expirationDate = new Date();
				expirationDate.setTime( expirationDate.getTime() + 31536000 * 1000 );
				document.cookie = "pll_language=en; expires=" + expirationDate.toUTCString() + "; path=/; secure; SameSite=Lax";
			}());
</script>
<script type="text/javascript" id="ct-footer-js">jQuery('.menu').attr({'data-aos-enable': 'true','data-aos': 'slide-left',});jQuery('.service__icon').attr({'data-aos-enable': 'true','data-aos': 'fade-down','data-aos-duration': '800','data-aos-offset': '50','data-aos-once': 'true',});
	  	AOS.init({
	  		  		  		  		  		  		  				  			})
		
				jQuery('body').addClass('oxygen-aos-enabled');
		
		
	</script><script type="text/javascript" id="ct_code_block_js_100133">var cursor = {
    delay: 8,
    _x: 0,
    _y: 0,
    endX: (window.innerWidth / 2),
    endY: (window.innerHeight / 2),
    cursorVisible: true,
    cursorEnlarged: false,
    $dot: document.querySelector('.cursor-dot'),
    $outline: document.querySelector('.cursor-dot-outline'),
    
    init: function() {
        // Set up element sizes
        this.dotSize = this.$dot.offsetWidth;
        this.outlineSize = this.$outline.offsetWidth;
        
        this.setupEventListeners();
        this.animateDotOutline();
    },
    
//     updateCursor: function(e) {
//         var self = this;
        
//         console.log(e)
        
//         // Show the cursor
//         self.cursorVisible = true;
//         self.toggleCursorVisibility();

//         // Position the dot
//         self.endX = e.pageX;
//         self.endY = e.pageY;
//         self.$dot.style.top = self.endY + 'px';
//         self.$dot.style.left = self.endX + 'px';
//     },
    
    setupEventListeners: function() {
        var self = this;
        
        // Anchor hovering
        document.querySelectorAll('a, #image-118-8, .button').forEach(function(el) {
            el.addEventListener('mouseover', function() {
                self.cursorEnlarged = true;
                self.toggleCursorSize();
            });
            el.addEventListener('mouseout', function() {
                self.cursorEnlarged = false;
                self.toggleCursorSize();
            });
        });
        
        // Click events
        document.addEventListener('mousedown', function() {
            self.cursorEnlarged = true;
            self.toggleCursorSize();
        });
        document.addEventListener('mouseup', function() {
            self.cursorEnlarged = false;
            self.toggleCursorSize();
        });
  
  
        document.addEventListener('mousemove', function(e) {
            // Show the cursor
            self.cursorVisible = true;
            self.toggleCursorVisibility();

            // Position the dot
            self.endX = e.pageX;
            self.endY = e.pageY;
            self.$dot.style.top = self.endY + 'px';
            self.$dot.style.left = self.endX + 'px';
        });
        
        // Hide/show cursor
        document.addEventListener('mouseenter', function(e) {
            self.cursorVisible = true;
            self.toggleCursorVisibility();
            self.$dot.style.opacity = 1;
            self.$outline.style.opacity = 1;
        });
        
        document.addEventListener('mouseleave', function(e) {
            self.cursorVisible = true;
            self.toggleCursorVisibility();
            self.$dot.style.opacity = 0;
            self.$outline.style.opacity = 0;
        });
    },
    
    animateDotOutline: function() {
        var self = this;
        
        self._x += (self.endX - self._x) / self.delay;
        self._y += (self.endY - self._y) / self.delay;
        self.$outline.style.top = self._y + 'px';
        self.$outline.style.left = self._x + 'px';
        
        requestAnimationFrame(this.animateDotOutline.bind(self));
    },
    
    toggleCursorSize: function() {
        var self = this;
        
        if (self.cursorEnlarged) {
            self.$dot.style.transform = 'translate(-50%, -50%) scale(0.75)';
            self.$outline.style.transform = 'translate(-50%, -50%) scale(1.5)';
        } else {
            self.$dot.style.transform = 'translate(-50%, -50%) scale(1)';
            self.$outline.style.transform = 'translate(-50%, -50%) scale(1)';
        }
    },
    
    toggleCursorVisibility: function() {
        var self = this;
        
        if (self.cursorVisible) {
            self.$dot.style.opacity = 1;
            self.$outline.style.opacity = 1;
        } else {
            self.$dot.style.opacity = 0;
            self.$outline.style.opacity = 0;
        }
    }
}

cursor.init();</script>
<style type="text/css" id="ct_code_block_css_100133">.cursor-dot,
.cursor-dot-outline {
  	z-index: 10000;
    pointer-events: none;
    position: absolute;
    top: 50%;
    left: 50%;
    border-radius: 50%;
    opacity: 0;
    transform: translate(-50%, -50%);
    transition: opacity 0.15s ease-in-out,
                transform 0.15s ease-in-out;
  
  	-webkit-box-shadow: 0px 0px 1px 1.5px rgba(165,41,41, .5); 
    -moz-box-shadow: 0px 0px 1px 1.5px rgba(165,41,41,.5); 
    box-shadow: 0px 0px 1px 1.5px rgba(165,41,41, .5); 
}

.cursor-dot {
    width: 8px;
    height: 8px;
    background-color: #f8f7f7;
}

.cursor-dot-outline {
    width: 40px;
    height: 40px;
  	border: 1.5px solid #f8f7f7;
    background-color: transparent;
}</style>
<script type="text/javascript" id="ct_code_block_js_100181">Timers = window;


const smc = document.querySelector('#div_block-184-8');
smc.addEventListener('click', (e) => {SlickMenu.toggle(26, () => {
  setTimeout(patchClose, 750);
})});
smc.addEventListener('touchstart', (e) => {SlickMenu.toggle(26, () => {
  setTimeout(patchClose, 750);
})});

function patchClose() {
  element2 = document.querySelector('.sm-close');
  clone2 = element2.cloneNode(true);
  element2.parentNode.replaceChild(clone2, element2);

  sm2 = document.querySelector('.sm-close');
  sm2.addEventListener('click', (e) => {SlickMenu.toggle(26, () => {})}) 
}


/*document.querySelectorAll('.wpcf7-form').forEach(f => f.querySelectorAll('form > div:nth-last-child(3)').forEach(e => e.style.display = "none"));
document.querySelectorAll('.wpcf7-form').forEach(f => f.querySelectorAll('form > div:nth-child(9) > label > span:nth-child(4)').forEach(e => e.innerHTML = 'Io sottoscritto dichiaro di aver letto e compreso l’<a href="https://yoroi.company/privacy-policy/" target="_blank">informativa privacy</a>.'))
*/</script>
<style type="text/css" id="ct_code_block_css_100181">.header .oxy-nav-menu .menu-item-home a {

}</style>
<script src='https://stats.wp.com/e-202151.js' defer></script>
<script>
	_stq = window._stq || [];
	_stq.push([ 'view', {v:'ext',j:'1:10.5-a.3',blog:'151656741',post:'4825',tz:'2',srv:'yoroi.company'} ]);
	_stq.push([ 'clickTrackerInit', '151656741', '4825' ]);
</script>
<!-- /WP_FOOTER --> 
</body>
</html>
